Yiri App Version Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it checks a public Huawei AppGallery page for the current version of the 一日记账 app.

Before installing, expect Playwright to download Chromium and the skill to open Huawei AppGallery in a headless browser when triggered. If you only want it to run for explicit version checks, narrow the trigger phrases or confirm intent before running it in chat automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger keyword "一日记账 app" is overly broad and can cause the skill to activate for general discussion about the app rather than only version-check requests. This can lead to unintended browsing or scraping actions, wasting resources and causing surprising behavior, though the security impact is limited because the skill only retrieves public version information from a fixed source.

VirusTotal

66/66 vendors flagged this skill as clean.
