墨迹天气 (Moji Weather CN)
Security checks across malware telemetry and agentic risk
Overview
No artifact-backed security concern was identified from the supplied clean scan context, but the target artifact files were not available in the workspace for deeper verification.
The supplied telemetry is clean and VirusTotal is still pending, so there is no artifact-backed reason to block installation. Because the artifact files were unavailable for direct inspection, review the skill’s actual instructions and any bundled scripts before installing, especially for shell commands, downloads, credential use, or file deletion.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
VirusTotal findings are pending for this skill version.