Back to skill

Security audit

Rob Pike Skill

Security checks across malware telemetry and agentic risk

Overview

This is a Rob Pike-style programming advice skill with only Markdown instructions and research notes, not executable code or hidden privileged behavior.

Install it if you want a Chinese Rob Pike-style programming perspective. Be aware it may activate on broad Go or software-design topics and may use web search for factual questions, so avoid putting secrets, private code, or confidential internal details into prompts where search might be used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list contains broad terms such as "错误处理", "调试方法", and "接口设计" that can appear in many normal software conversations. This can cause unintended invocation of the skill, leading the agent to adopt an unnecessary persona and workflow, including forced web research/tool use, which expands attack surface and may override more appropriate task handling.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.