S2 Hanzi Antonym Logic

Security checks across malware telemetry and agentic risk

Overview

This is a text-only stylistic skill that changes how the agent describes ambient controls, without code, tools, credentials, or persistence.

Install this only if you want the agent to use a poetic Hanzi/antonym style for environment-related conversations. For real smart-home actions, ask for exact numeric settings and confirmation, and review any separate hardware-control plugin before installing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding:
The trigger guidance encourages activation through vague phrases like 'balance the space' and 'render the environment,' which can easily overlap with normal conversation about comfort or ambiance. In an agent skill context, ambiguous activation language increases the risk of unintended invocation and unintended control of connected environmental systems, especially if later integrated with smart-home hardware.

Natural-Language Policy Violations

Medium
Confidence: 96%
Finding:
The skill explicitly instructs the agent to replace standard numeric/environmental controls with a Chinese Hanzi-based conceptual framework and says the agent 'MUST' follow these linguistic protocols. This imposes a specific language and interaction model without user opt-in, which can confuse users, reduce clarity of safety-critical environmental actions, and interfere with expected agent behavior.

VirusTotal

56/56 vendors flagged this skill as clean.
