星芒答辩评委

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese academic defense practice skill that only guides conversation, asks tailored questions, and gives scores and feedback without hidden access or executable behavior.

Reasonable to install if you want a Chinese academic defense rehearsal assistant. Avoid pasting confidential or unpublished research unless you are comfortable sharing it in the agent session, and be aware that broad Chinese defense-related wording may trigger this structured practice mode.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger conditions are broad and partly ambiguous, such as activating on general mentions of '答辩' or when a user '主动要求答辩评委帮助'. This can cause unintended invocation in unrelated contexts, leading to context confusion, inappropriate responses, or unexpected handling of user-provided academic content.

Natural-Language Policy Violations

Medium

Confidence: 81% confidence
Finding: The skill is written entirely in Chinese with no language choice or opt-in, which can create usability and consent issues for users who do not read Chinese. In security terms this is mainly a safety and accessibility weakness: users may trigger or interact with the skill without understanding its behavior, limits, or scoring logic.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal