Hot Topics

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only helper for fetching Chinese social-media trending topics, with minor clarity gaps about when to use it and third-party API calls.

Install if you want an agent to retrieve China-focused social-media trends from 60s.viki.moe. For ambiguous trend questions, specify the Chinese platform or region you mean, and avoid including private or sensitive interests, client names, or business context in requests that may be sent to the third-party API.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill's activation guidance is broad enough to match many generic requests about trends or popular discussions, which can cause an agent to invoke this skill in situations where a narrower or more relevant source should be chosen. Over-broad routing increases the chance of unnecessary third-party API calls and can bias answers toward this external provider without clear user intent for Chinese-platform data.

Natural-Language Policy Violations

Low

Confidence: 74% confidence
Finding: The description binds the skill to Chinese social-media platforms but does not clearly state that use should depend on the user's requested locale, language, or platform preference. This can lead to silent mismatches where users asking for general trends receive China-specific results, reducing relevance and potentially causing misleading outputs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal