自动刷新技能

Security checks across malware telemetry and agentic risk

Overview

This instruction-only auto-refresh skill is purpose-aligned, but repeated clicks or keypresses can cause unintended UI actions if used carelessly.

Install or use this only if you intentionally want repeated refresh, click, or key automation. Keep the intended browser or app focused, avoid running it on checkout pages, admin screens, forms, or destructive workflows, use conservative intervals, and make sure you know how to stop the loop.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly supports automated clicks and keystrokes but does not warn that these actions can interact with arbitrary UI elements, submit forms, trigger purchases, delete data, or otherwise change system state. In this context, the omission is security-relevant because repeated unattended input can have unintended side effects, especially when coordinates or keys are user-supplied and the active window may change over time.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal