网红蛋糕

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a low-risk cake-discovery helper with a somewhat broad trigger, but no evidence of hidden access, persistence, data exfiltration, or destructive behavior was found.

This looks acceptable to install for cake-related recommendations or planning. Be aware that it may activate too readily for broad travel or local-search prompts involving 网红蛋糕, so clarify your intent if you wanted general trip planning instead.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill’s trigger scope is broad enough to match generic travel, local search, or itinerary-planning requests whenever '网红蛋糕' is mentioned, without clear constraints on when the skill should or should not activate. This can cause inappropriate routing, lower-quality responses, or unintended invocation over more suitable domain skills, though it does not expose a direct code-execution or data-exfiltration path in the provided content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal