Zerotoken Skill

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a language-specific prompt skill with no evidence of harmful code, hidden data access, persistence, or destructive behavior.

Install this if you want a Chinese-language skill or are comfortable overriding its language behavior. If you expect adaptive English responses, review the prompt first because it may default to Chinese.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 91% confidence
Finding: The skill metadata and default prompt explicitly use Chinese and instruct a Chinese-language operating mode without any indication that the user requested or consented to that language. This can cause the agent to ignore user language preferences, degrade usability, and create safety/compliance issues if critical instructions or warnings are presented in an unexpected language.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal