Back to skill

Security audit

Pc368 Probability Predictor

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a disclosed web-scraping prediction helper, with the main risk being overly broad trigger wording that could start it unintentionally.

Install only if you want an agent to browse an external PC368-related site and produce speculative predictions. Consider tightening activation to an explicit command before use, especially because the current wording may trigger on generic requests for trend or probability analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list contains short, generic phrases such as '分析走势', '概率预测', and '预测下一期' that can plausibly appear in broader conversations unrelated to this specific gambling-style prediction workflow. This creates unintended activation risk, causing the skill to launch scraping and prediction behavior when the user did not explicitly request this skill.

Vague Triggers

High
Confidence
97% confidence
Finding
The catch-all phrase '类似含义的指令' leaves the activation boundary undefined, allowing the agent to infer matches from loosely related user text. In this skill's context, that is more dangerous because activation leads to external website access, data scraping, and generation of gambling-related predictions, so accidental invocation has meaningful behavioral consequences.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.