Xiaozhi Skill Creator

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for helping users design other learning skills, with privacy guidance and no executable behavior.

Before installing, understand that this skill is meant to guide creation of other skills and may encourage use of learning profiles or uploaded study materials. Only allow long-term memory, reminders, or cross-skill sharing for data you are comfortable retaining, and prefer explicit consent and minimal shared fields.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill declares that it 'must' activate for a wide range of loosely related requests about creating, optimizing, or feeding materials into skills. Overly broad mandatory triggers can cause unintended invocation, override user intent, and route conversations into this meta-skill even when a narrower or safer skill would be more appropriate.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal