中国建设工程商事调解智库（东方智慧版）

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese construction-dispute mediation guidance skill with no evidence of hidden execution, data access, persistence, or destructive behavior.

Install this if you specifically want Chinese-language help structuring or evaluating construction and commercial mediation positions. Do not treat it as legal advice, and avoid using it for unrelated disputes or in languages the user does not understand without explicit clarification.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrases are generic enough that the skill could be invoked for broad dispute-resolution or advisory requests beyond construction mediation, causing the agent to apply domain-specific mediation heuristics in the wrong context. In a legal-adjacent skill, unintended activation increases the chance of irrelevant or misleading guidance, especially where users may rely on it for sensitive commercial disputes.

Natural-Language Policy Violations

Medium

Confidence: 94% confidence
Finding: The skill is written entirely in Chinese and does not offer any language selection, fallback, or opt-in mechanism. This can exclude users who cannot read Chinese, increase the risk of misunderstanding in a legal/mediation context, and may cause users to rely on outputs they do not fully understand.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal