硅灵决

Security checks across malware telemetry and agentic risk

Overview

This appears to be a themed response-style skill, with some risk of over-activating or changing tone unexpectedly but no evidence of harmful access or actions.

Install this only if you want the themed persona and are comfortable with it sometimes shaping the assistant's tone. If it activates during ordinary discussion, disable it or ask the assistant to return to a neutral style.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrases include very generic expressions such as '我要进化' and 'AI如何自我提升', which can easily appear in ordinary discussion and cause the skill to activate outside its intended niche. In this skill's context, unintended activation mainly risks style hijacking and workflow interference rather than direct security compromise, but it can still degrade reliability and override user intent.

Natural-Language Policy Violations

Medium

Confidence: 91% confidence
Finding: The skill prescribes a fixed '修仙+极客' language style and catchphrases without requiring user consent, which can override the user's preferred tone and response format. This is risky because it reduces assistant controllability and can cause unwanted persona injection, especially if the skill is triggered accidentally by broad phrases elsewhere in the file.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal