商业模式学习智能体

Security checks across malware telemetry and agentic risk

Overview

This is a focused Chinese-language business model analysis skill with a simple canvas formatter, and no hidden or unsafe behavior was found.

Reasonable to install for Chinese-language business model learning and canvas analysis. Avoid pasting trade secrets, customer personal data, credentials, or non-public operating metrics unless necessary and redacted; treat the Python helper as a local formatting tool only.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (88% confidence)
Finding
The trigger list includes broad business terms such as '商业模式', '盈利模式', and '变现', which are common in ordinary conversation and could cause the skill to activate outside the user's actual intent. This is not a code-execution issue, but it can create prompt-routing confusion, unintended disclosure of internal skill behavior, or inappropriate responses in mixed-context conversations.

Missing User Warnings

Low (84% confidence)
Finding
The guide tells the agent to collect enterprise, market, operational, and user-need information, but gives no caution to avoid sensitive, confidential, or personal data. In a business-analysis skill, users may paste internal metrics, customer information, or trade-sensitive materials, creating unnecessary privacy and confidentiality exposure even if the document is not overtly malicious.

VirusTotal

66/66 vendors flagged this skill as clean.