Security audit

Lord Of Mysteries 诡秘之主

Security checks across malware telemetry and agentic risk

Overview

This is a static Lord of Mysteries lore skill with no executable install hooks, but several entries contain real-world-style unsafe instructions.

Review before installing. The skill appears non-executable and not designed to access your system, but assistants using it could quote unsafe how-to text unless constrained. Prefer an edited version that marks all hazardous practices as fiction-only and removes procedural details involving blood, animal materials, ingestion, candles, broken glass, corpse handling, schools, concealment, and poisoning tactics.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (8)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: This is a true safety issue because the markdown provides step-by-step ritual instructions involving isolation in a locked room, candle use, and intentionally breaking a mirror, which can encourage hazardous real-world imitation. Although framed as fictional worldbuilding, the content is operational enough to be followed and includes reassuring language such as '几乎不会出什么问题,' which may lower user caution rather than discourage enactment.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: This section provides step-by-step instructions for inducing an altered perceptual or quasi-meditative state ('初步灵视') before presenting safety cautions. Even though the content is fictional/worldbuilding material, it is formatted as actionable real-world guidance and includes claimed effects such as visual changes, hallucination-like symptoms, and sensitivity changes, which could encourage experimentation by users without adequate warning.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The content gives concrete instructions to collect fresh blood, heat it, and drink it to obtain a supposed effect, while explicitly describing severe harms such as anemia and cancer. Even though framed as fictional worldbuilding, these are actionable self-harm and unsafe-ingestion steps that could be imitated by users, especially because no warning or discouragement is provided.

Missing User Warnings

High

Confidence: 97% confidence
Finding: This section provides a specific animal-derived recipe with quantities, equipment, heating steps, and ingestion-oriented preparation using parrot body parts and blood. In the context of a knowledge skill, this makes harmful animal abuse, biohazard exposure, and unsafe consumption materially easier, and the fantasy framing does not sufficiently reduce risk because the instructions are still operational.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The text instructs the reader to create the act in a school setting during class and to preserve 'uniqueness' by ensuring only the actor knows about it, including advice to avoid others knowing the source materials. Guidance that combines a risky act with concealment and a school environment increases concern because it normalizes covert unsafe behavior around minors or bystanders.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The file includes step-by-step corpse-processing and occult ritual instructions presented in an actionable format, without any warning, fictional-context guardrail, or transformation to high-level lore summary. Even if framed as fictional worldbuilding, this kind of procedural bio/ritual content can be misused as harmful guidance and is more dangerous because the skill is a searchable knowledge base that may surface the instructions directly in response to user queries.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The text explicitly instructs the reader to deeply impersonate another person, integrate into their relationships, and succeed when close contacts cannot detect the substitution. Even in a fictional lore skill, this normalizes deceptive identity replacement without any safety framing, which could be repurposed as guidance for social engineering, fraud, or coercive impersonation.

Ssd 2

Medium

Confidence: 95% confidence
Finding: The text contains concrete, step-by-step guidance for luring, impairing, and lethally attacking a target species, including bait choice, an intoxicating additive, expected physiological effects and duration, and application of a toxic substance to weapons. Even though framed as fictional lore about fishmen, it operationalizes harm techniques and could normalize or be repurposed as guidance for real-world poisoning or hunting violence patterns.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.