流体网络求解器

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local fluid-network calculator and I found no evidence of hidden data access, exfiltration, persistence, or destructive behavior.

Install only if you need a local engineering calculation aid for TOML-described, steady linear fluid networks. Treat results as advisory, especially for real hydraulic, chemical, safety-critical, transient, or compressible systems, and consider removing the bundled virtual environment in favor of installing the listed dependencies cleanly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The activation conditions are broad ('用户需要分析流体网络', '需要计算管路流量和压力分布') and could cause the orchestrator to invoke this skill in situations where inputs are incomplete, unrelated, or safety-critical without tighter scoping. Over-broad invocation increases the chance of misuse, incorrect analysis, or the model treating untrusted input as valid engineering data, which can mislead downstream decisions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal