影视资源搜索技能

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is transparent about what it does, but it is designed to find third-party cloud-drive download links for movies, TV, and anime without authorization safeguards.

Install only if you are comfortable with agents querying a third-party API for media titles and returning unverified Baidu/Quark links. Use it only for content you know is authorized, public-domain, or otherwise lawful, and treat returned links and downloads as untrusted external content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs sending the user's requested movie or show title to a third-party API without any disclosure or consent flow. Even if the query seems low sensitivity, it still leaks user intent and activity to an external service, and the skill is specifically designed around obtaining file-sharing links, which increases privacy, policy, and trust risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal