UAPI 程序员历史上的今天接口

Security checks across malware telemetry and agentic risk

Overview

This is a simple read-only skill for calling one public UAPI “programmer history today” endpoint, with only a minor routing risk from the broad word “today.”

Install this if you want an agent to use UAPI for programmer-history-today lookups. Be aware that the generic “today” trigger could cause irrelevant external calls in some conversations, and only provide a dedicated uapis.cn key if the service actually requires one.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The description includes the standalone trigger word 'today', which is far too generic for reliable routing. This can cause the skill to be selected for unrelated user requests about today's date, events, news, or general tasks, leading to unintended API calls and incorrect agent behavior.

Vague Triggers

Medium

Confidence: 97% confidence
Finding: The common keyword list explicitly advertises 'today' as an English trigger without any contextual qualifier. In a skill-selection system, such a vague token can overmatch many benign requests and divert them into this skill, causing confusion, wasted quota, or unintended external requests.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal