Ximalaya

Security checks across malware telemetry and agentic risk

Overview

This skill only guides light summaries of public Ximalaya pages and does not install or run code.

Install only if you want the agent to open public Ximalaya pages and summarize visible public metrics. Do not use it for login-only content, downloading audio, bulk scraping, API reverse engineering, or bypassing platform protections.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The description says the skill should be invoked whenever access to or automation of Ximalaya-related content is needed, which is broader than the actual documented scope of only lightweight analysis of public pages. Overly broad activation can cause the agent to select this skill in contexts beyond its safe boundaries, increasing the chance of inappropriate web automation against a third-party site or use on unsupported tasks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal