Shike Huashu Perspective

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Chinese persona and methodology skill for AI product-building advice, with no executable code, credential use, persistence, or hidden data access found.

Install this only if you want a Chinese, persona-based AI coding and product-methodology advisor. Treat the business/product claims, contact details, and payment links as informational, and rely on your agent or your own settings to keep responses in your preferred language when needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill description is very broad, covering general AI coding methodology, zero-code development, product building, and related topics. In agent ecosystems, overly broad invocation criteria can cause the skill to trigger in many ordinary conversations, unexpectedly steering outputs toward the author's perspective and reducing user control over tool/skill selection.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill content is almost entirely written to respond in Chinese and in a specific branded voice, without indicating that language and style should adapt to the user's preferences. If auto-invoked, this can override the user's locale or communication expectations, causing confusing or unsuitable responses and making the skill more intrusive when paired with its broad trigger conditions.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal