Back to skill

Security audit

热点话题追踪

Security checks across malware telemetry and agentic risk

Overview

This is a read-only trending-topics helper that uses a disclosed third-party API and does not request credentials, local files, persistence, or privileged access.

Install this only if you are comfortable with your agent contacting the 60s.viki.moe API to retrieve live public trend lists. Avoid using it for sensitive private research, and treat returned topics and links as third-party web content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to send requests to a third-party endpoint without clearly disclosing that user-driven queries and request metadata may be transmitted off-platform. In an agent environment, this can create privacy, compliance, and trust risks, especially if users are not informed that external network access is occurring.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.