S2 品牌舆情雷达与周报系统

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only brand monitoring skill that asks the agent to search public news and social sources, with no code, persistence, credentials, or account-changing behavior shown.

Install this only if you want public brand-reputation reports. Use public brand and industry terms, avoid entering confidential crisis or launch details, ask the agent to cite sources, and verify reputational conclusions before using them for PR or business decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The README explicitly promotes broad web and social-platform monitoring and sentiment analysis, but it does not warn users about privacy, personal-data handling, retention, consent, or legal/compliance boundaries. Because the skill is positioned as a turnkey brand-intelligence tool, users may process personal posts, complaints, or profile data without understanding the privacy implications, increasing risk of misuse or non-compliant surveillance.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal