Security audit
V002
Security checks across malware telemetry and agentic risk
Overview
This skill is a public trending-list fetcher with some overpromising documentation, but no hidden, destructive, credential-seeking, or persistent behavior was found.
Install only if you are comfortable with the skill contacting Bilibili, Douyin, and Toutiao public endpoints. Verify the package identity because embedded metadata and registry metadata do not fully align, and treat the README's AI, push, scheduling, and extra-platform claims as marketing or future work unless code is added.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.