Security audit

Power Electronics

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed power-electronics helper with local calculation scripts and reference notes; the main caution is broad activation keywords, not malicious behavior.

Installers should be aware that this skill may activate on broad power-electronics terms, including QR, rectification, or inversion. Review the bundled scripts if you plan to run calculations, and only follow the optional publishing/token setup if you are publishing the skill yourself.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger list includes several broad domain terms that can cause the skill to activate on generic power-electronics discussions rather than explicit user intent to use this skill. Unintended invocation can expose tool-enabled behavior (bash/read/write) in contexts where the user did not mean to call the skill, increasing the chance of mis-execution or unnecessary file/tool access.

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 86% confidence
Finding: The trigger 'QR' is extremely short and highly ambiguous, so it may match unrelated user inputs such as references to QR codes. This can cause accidental invocation of a tool-enabled skill in irrelevant contexts, creating avoidable exposure to unintended automation.

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 82% confidence
Finding: The trigger '整流' is a common technical term that may appear in broad educational or engineering discussions without intent to invoke this particular skill. Because the skill has bash/read/write tools, overly permissive matching increases the risk of accidental activation and unnecessary tool availability.

Overly Broad Trigger

Low

Category: Trigger Abuse
Confidence: 82% confidence
Finding: The trigger '逆变' is also a broad, generic term that may occur in many unrelated or high-level discussions. This broad matching can lead to false activations of a skill that exposes execution and file-manipulation tools, which is undesirable even if the content itself is not overtly harmful.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.