Phase-Locked Loop Parameter Tuning (锁相环参数整定)

Security checks across malware telemetry and agentic risk

Overview

This is a narrow PLL calculation helper with a documentation/default-parameter issue, not evidence of malicious or high-risk agent behavior.

This skill appears safe to install from a security perspective, but do not rely on silent defaults for engineering work. Confirm Unom, f0, zeta, and units before using the results, and rename or convert the .txt script files if you intend to run them as MATLAB functions.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The skill contains contradictory operating rules about whether Unom must be explicitly collected before calculation or may default to 690V. In an engineering calculation skill, this inconsistency can cause the agent to silently use the wrong voltage base, producing materially incorrect PLL tuning results that may mislead users during design or commissioning.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal