KL8 Lottery Data

Security checks across malware telemetry and agentic risk

Overview

This is a small lottery data lookup skill with local hardcoded data and no evidence of hidden access, persistence, or data exfiltration.

Install only if you are comfortable with a community, non-provenance package containing hardcoded March-April 2026 KL8 data. Expect mostly Chinese output, and verify lottery data freshness and accuracy independently before relying on it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Low

Confidence: 95% confidence
Finding: This Python file hard-codes user-facing strings and docstrings in Chinese throughout the skill, including titles, prompts, and printed output. Under the policy rule for natural-language violations, forcing a specific language without user opt-in is a locale/language constraint that should be surfaced.

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal