Opportunity Finder

Security checks across malware telemetry and agentic risk

Overview

This is a research-guidance skill for finding product opportunities, with no executable code, persistence, credential handling, or hidden install behavior.

This skill appears safe to install from a security perspective. Before relying on its recommendations, users should specify target geography and language, especially if they are not researching China or WeChat Mini Programs, because the default research workflow may bias the market analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (83% confidence)

Finding:
The manifest description uses very broad trigger phrases for generic product ideation, which can cause the skill to activate for loosely related requests. Over-broad activation is dangerous because it can route users away from a more appropriate skill and cause unintended web-research actions or low-quality guidance based on the wrong workflow.

Natural-Language Policy Violations

Medium (91% confidence)

Finding:
The research process hardcodes Chinese-language queries and Chinese data sources without asking for the user's preferred language, geography, or market. This can bias results, misrepresent demand, and produce materially incorrect recommendations for users targeting other locales, making the skill unreliable and potentially harmful for business decision-making.

VirusTotal

62/62 vendors flagged this skill as clean.
