Juejin

Security checks across malware telemetry and agentic risk

Overview

This is a simple writing guide for publishing technical articles on Juejin, with no executable code or hidden access requests.

Safe to install as a Juejin writing guide. Before publishing, review article text, code snippets, screenshots, links, and image metadata so you do not expose credentials, private company information, unpublished code, or personal details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The skill instructs users to preview and publish content but does not clearly warn that published articles become publicly visible and may expose personal, organizational, or sensitive information. In a content-publishing workflow, this omission can lead users to unintentionally disclose private data, proprietary code snippets, credentials, internal URLs, or identifying details.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal