Xiaozhi Interest Explorer

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language interest exploration coaching skill with no executable code, network behavior, credential use, or hidden high-impact actions.

Install this if you want a Chinese-language interest exploration coach. Before using it with students, be clear about what reflection data is recorded, when summaries are shared with parents, and ensure any reminders or cross-skill writes happen only with the student's or guardian's consent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill defines activation criteria so broadly that it can trigger for a wide range of general self-discovery, growth-planning, and interest-related conversations, including cases where the user may not actually want this workflow. This can cause unintended routing, override more appropriate skills, and pressure the agent into a fixed exploration framework without sufficient user consent or relevance checks.

Natural-Language Policy Violations

Medium

Confidence: 89% confidence
Finding: The skill requires activation and interaction content in Chinese and does not offer a language fallback or justify a strict locale restriction. In multilingual environments this can lead to user confusion, miscommunication, and incorrect execution of the workflow, especially if the system auto-invokes the skill for users who are not Chinese speakers.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal