tech-exp-distill

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language informational skill for IT best practices, with no executable code or suspicious data access behavior found.

Install if you want a Chinese-language IT best-practices reference skill. Be aware it may activate for many general software engineering topics and has auto-update enabled from public technology sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The activation description is very broad, covering general IT development, architecture, DevOps, data engineering, and technical learning scenarios. In an agent ecosystem, this can cause the skill to trigger in many ordinary technical conversations, increasing unintended invocation and the chance that its guidance overrides more appropriate, narrower skills or user intent.

Natural-Language Policy Violations

Medium

Confidence: 80% confidence
Finding: The skill description is only in Chinese and does not declare a locale restriction or multilingual support. This can lead to accidental routing of non-Chinese users into a skill they cannot understand, creating confusion, misinterpretation of guidance, and unreliable agent behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal