UAPI Adcode 国内外行政区域查询接口

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow read-only helper for a UAPI administrative-region lookup, with a routing caveat around broad “district” wording.

Install this if you are comfortable with an agent using UAPI for administrative-region searches. For ambiguous requests that merely mention “district,” confirm that the UAPI Adcode lookup is intended before allowing an external call, especially if the query includes precise coordinates or sensitive location context.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger list includes very broad English phrases such as "district" and "district lookup," which can match many unrelated user requests and cause this skill to be selected when the user did not intend to call the UAPI administrative-region endpoint. In an agent setting, unintended invocation can lead to incorrect tool use, unnecessary external requests, and possible disclosure of user-provided location-related input to a third-party API.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal