Joke

Security checks across malware telemetry and agentic risk

Overview

This is a simple Chinese-language joke skill with minor routing and language-scope caveats, not a security concern.

Install this if you want a Chinese-language humor assistant. Be aware it may respond to broad requests for humor or cheering up, and it may produce Chinese jokes unless the skill is updated to follow the user's language preference.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger description is broad enough to activate on general requests for humor or being cheered up, which can cause the skill to interject in conversations where the user did not explicitly ask to invoke this specific capability. Over-broad routing increases the chance of misfires, unwanted context switching, and accidental overriding of a more relevant skill or assistant behavior.

Natural-Language Policy Violations

Medium

Confidence: 81% confidence
Finding: The skill content is written to produce Chinese output without offering language adaptation based on the user's language or preferences. This can create usability and trust problems, and in multilingual environments may lead to confusing or inaccessible responses, though it is not a direct security exploit in itself.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal