Back to skill

Security audit

小红书中英双语爆款文案生成器

Security checks across malware telemetry and agentic risk

Overview

This appears to be a content-writing helper with some overbroad formatting behavior, but no evidence of unsafe access, hidden execution, or data misuse.

Install if you want help drafting social-media promotional content, especially bilingual Chinese/English material. Review outputs for tone, accuracy, and whether bilingual formatting is wanted; avoid relying on it for generic writing tasks where the viral/social framing is not desired.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill's activation criteria are overly broad and can match routine writing or promotion requests without clear scoping, making it likely to trigger when the user did not specifically ask for this specialized behavior. In an agent setting, this can cause inappropriate skill selection, unnecessary persuasive optimization, and policy-relevant output shaping focused on maximizing engagement rather than the user's actual intent.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The skill hard-codes bilingual Chinese and English output regardless of user preference, which overrides normal user-directed formatting and can produce unnecessary disclosure, confusion, or prompt-space bloat. In agent workflows, this reduces user control and may cause the assistant to ignore explicit language or brevity preferences, degrading reliability and increasing the chance of unintended content generation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.