Moon Lovers Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed romantic roleplay reply-writing aid with no evidence of malware, data theft, persistence, or hidden execution.

Install only if you want a Chinese-first romantic roleplay/reply-writing style skill. Review the extra reference profiles if youth-coded fictional character styles or default persona self-references are not appropriate for your use case, and keep any skill/MCP installation recommendations under explicit user control.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 89% confidence
Finding: The profile hard-codes a Chinese self-reference style (e.g., using '环儿') and dialogue conventions without checking the user's language preference or obtaining opt-in. In a chat skill, this can cause unwanted language switching, reduce usability, and override user expectations, especially for multilingual or non-Chinese users.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal