Back to skill

Security audit

Naming Expert

Security checks across malware telemetry and agentic risk

Overview

This is a naming helper with no code execution or data access, and its only notable issue is a broad trigger for vague naming requests.

Install this if you want a Chinese-oriented naming assistant. Be aware that short requests like “help me think of a name” may route to this skill, and independently verify trademarks, domains, and cultural meanings before using a final name commercially.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

High
Confidence
96% confidence
Finding
The skill’s trigger description explicitly says it should activate even for vague phrases like “帮我想个名字” or “取个好名,” which broadens invocation beyond clearly scoped naming tasks. This can cause unintended routing of unrelated conversations into the skill, reducing user control and potentially bypassing more appropriate assistants or workflows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.