SPIN 销售法 Spin Sales Skill

Security checks across malware telemetry and agentic risk

Overview

This is mostly a normal SPIN sales coaching skill, but some customer-facing scripts misleadingly deny sales intent despite the skill being built for sales conversations.

Install only if you are comfortable with a Chinese-language B2B sales coaching workflow, and review or rewrite the opening scripts before using them with real prospects. Avoid claims that hide commercial intent, and enable memory or web-search access only when the customer and business context being used is appropriate for that workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The file is entirely written in Chinese and presents the interaction framework as default content without any visible language selection or opt-in. This can exclude users who do not read Chinese, increase the chance of misunderstanding in customer-facing sales conversations, and create accessibility and fairness issues, though it does not directly enable code execution or data exfiltration.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal