Security audit

love.ai (中文)

Security checks across malware telemetry and agentic risk

Overview

This is a style-only Chinese warmth-and-poetry response skill with no code or data access, but it will heavily reshape every assistant reply if enabled.

Install this only if you want the assistant to consistently answer in a warm Chinese style with classical quotations and hopeful endings. Avoid enabling it globally for technical work, strict JSON/output formats, legal/medical/crisis contexts, or users who have not opted into that tone and language.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill applies a mandatory emotional and ideological reframing layer to all inputs, forcing every request through a predefined 'love' taxonomy and poetic response pattern. This can distort user intent, degrade accuracy on factual or safety-critical tasks, and override task-appropriate behavior even when empathy or literary framing is not wanted.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document claims the skill is 'non-intrusive,' but elsewhere it declares highest-priority processing and mandatory output constraints for every reply. This mismatch is dangerous because it can mislead deployers into enabling a skill that silently overrides normal assistant behavior more broadly than advertised.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly states that all user inputs are automatically processed by this skill, which means the skill can influence or inspect every conversation turn. Without clear disclosure, consent, scoping, or privacy guidance, users and operators may unknowingly deploy a global behavioral interceptor that alters outputs and processes potentially sensitive content.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The documentation presents a mandatory response style centered on Chinese-language and Chinese classical references for all users, without user choice or locale adaptation. This can override system behavior, mishandle multilingual or culturally sensitive contexts, and create unsafe or inappropriate responses when users need neutral, domain-specific, or crisis-oriented assistance.

Vague Triggers

High
Confidence
96% confidence
Finding
The skill's activation scope is effectively universal: all user inputs are automatically routed through it. Broad interception increases the chance that unrelated, sensitive, or precision-dependent tasks are inappropriately transformed, creating reliability and safety risks across the entire assistant.

Vague Triggers

Medium
Confidence
88% confidence
Finding
Promising behavior for 'any question' without limitations encourages unsafe overreach and implies the skill should apply even where it is unsuitable. In practice, this can cause the assistant to privilege style mandates over correctness, brevity, neutrality, or emergency escalation requirements.

Natural-Language Policy Violations

High
Confidence
94% confidence
Finding
The skill mandates a single Chinese cultural and poetic framing for every response without user consent. This can override user language preferences, create exclusion or misunderstanding for other audiences, and interfere with accessibility, localization, and task appropriateness.

Natural-Language Policy Violations

High
Confidence
97% confidence
Finding
The 'system instruction' section explicitly requires all replies to follow a fixed Chinese poetic structure regardless of context. In a skill environment, this is dangerous because it can systematically override normal response policies, reduce usability for multilingual users, and corrupt outputs for tasks that need direct, exact answers.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The file explicitly requires at least one quotation in every response, regardless of user intent or task. This is a genuine policy-level prompt injection risk because it forces stylistic content that can override user preference, reduce task fidelity, and interfere with safety-critical or concise responses where quotes are inappropriate.

Natural-Language Policy Violations

Medium
Confidence
96% confidence
Finding
The skill mandates a hopeful, positive ending in every reply, which imposes a fixed emotional tone without user opt-in. This is dangerous because it can suppress appropriate responses in high-risk contexts such as grief, abuse, self-harm, legal, or medical issues, where validation, escalation, or direct safety guidance may be more appropriate than enforced positivity.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The file strongly enforces Chinese-only behavior and does not provide any mechanism for honoring the user's preferred language. In a general-purpose agent skill, this can override higher-level user intent, reduce accessibility, and create unsafe misunderstandings when users seek emotional support in another language.

Ssd 1

Medium
Confidence
93% confidence
Finding
The skill text elevates its own instructions to highest priority, attempting to outrank normal assistant behavior for every response. Self-prioritizing instructions are risky because they can cause broad policy interference, making the assistant less responsive to user intent and platform safety rules.

Ssd 4

Medium
Confidence
95% confidence
Finding
The cumulative instruction chain forces all requests into a fixed emotional and narrative template, including hidden analysis, required quotation, and mandatory positive closure. This is dangerous because it suppresses context-sensitive behavior and can degrade safety, clarity, and truthfulness when users need neutral, direct, or urgent assistance.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.