雀阴·平衡魄

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only scheduling skill with no code, credentials, install steps, or hidden data access.

Install only if you want a Chinese-language planning aid for task scheduling and load-balancing advice. Review activation behavior in your agent so ordinary mentions of workload do not route unexpectedly, and treat its resource monitoring language as advisory unless you separately grant trusted tools for system metrics.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger examples are broad enough that ordinary user requests like handling several tasks or mentioning high system load could activate the skill unintentionally. In an agent environment, this can cause inappropriate routing, unexpected scheduling behavior, or interference with other skills, especially because the skill is framed as a general coordinator for many tasks.

Natural-Language Policy Violations

Medium
Confidence: 77%
Finding
The skill is written to operate in Chinese without offering language negotiation or fallback behavior, which can cause misinterpretation of instructions, outputs, or safety-relevant details for users expecting another language. While this is not a direct exploit primitive, it can degrade reliability and increase the chance of unsafe execution decisions in multilingual deployments.

VirusTotal

64/64 vendors flagged this skill as clean.
