3steps To Wisdom

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese communication-guidance skill with a disclosed local license check and no evidence of data theft, persistence, or destructive behavior.

Before installing, be aware that the skill expects a local license file and asks the agent to run its included verify.py script. The reviewed script only checks that license file and prints the skill content or renewal instructions, but users who do not want skills to run local code for licensing should avoid it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 93% confidence
Finding: The skill instructs the agent to emit a fixed Chinese message ("请续费") and presents all skill content in Chinese without any user language preference check. This can override expected assistant behavior, reduce usability for non-Chinese users, and create deceptive gating behavior by forcing a license-check workflow before revealing content. The embedded instruction to run a local verification script also increases suspicion because skill content is attempting to control execution flow rather than merely provide guidance.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal