Otaku Wiki

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward AniList lookup helper that runs a local Python script and sends anime-related search terms to AniList.

Install this if you are comfortable with your agent running the bundled Python script and sending anime, character, or staff search terms to AniList. Avoid using private or sensitive text as lookup terms, and be aware the skill instructs responses to be in Chinese.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 78% confidence
Finding: The activation guidance is broad: the skill should engage whenever a user asks about anime, characters, voice actors, ratings, episodes, or comparisons, without a narrow trigger phrase or boundary. Over-broad activation can cause the agent to invoke this skill in unintended contexts and send user input to the external script/API when the user did not clearly request a lookup.

Natural-Language Policy Violations

Medium

Confidence: 83% confidence
Finding: The skill mandates responding in Chinese regardless of user preference. While not directly enabling code execution or data exfiltration, this can override user intent, reduce clarity of consent around external lookups, and increase the chance of misleading or inaccessible responses for non-Chinese-speaking users.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal