Security audit

UAPI Epic Free Games API

Security checks across malware telemetry and agentic risk

Overview

This appears to be a narrowly scoped Epic free-games information skill with one minor trigger-word scoping issue, not evidence of harmful behavior.

Safe to install if you want Epic free-game lookup help. Be aware that one broad trigger may cause it to activate for general game-information questions; prefer using explicit Epic free-game wording, and the publisher should narrow the trigger list in a future version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger keyword list includes the broad Chinese phrase "游戏资料" (game information), which can match many unrelated game-information requests that are not specifically about Epic free games. This can cause the agent to invoke the wrong skill, leading to incorrect API calls, user confusion, or unintended data handling paths; in a routing system, overly broad triggers are a genuine security and reliability concern because they expand the skill's authority beyond its intended scope.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.