Opencode Select Confirm

Security checks across malware telemetry and agentic risk

Overview

This skill only changes recommendation and confirmation conversations into choice dialogs, with no code, file access, network access, or persistence.

Install this only if you want broad recommendation and confirmation wording to open choice dialogs quickly. Be aware that common words like “选择” or “确认” may interrupt normal chat flow, but the skill does not add code execution, account access, data access, or persistence.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 95% confidence
Finding: The trigger list includes very common words such as “推荐”, “选择”, “确认”, “有什么”, and even English “confirm”, which are likely to appear in ordinary conversation unrelated to this skill. That makes unintended activation plausible, causing the assistant to switch into choice/confirmation UI behavior at the wrong time and potentially disrupt or misdirect user workflows.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill states that when the user asks for recommendation/selection, the 'first reaction' should be to pop a choice box 'instead of analyzing', but it does not define sufficient gating conditions for when that behavior is appropriate. This ambiguity increases the chance of the skill hijacking normal dialogue turns or suppressing needed reasoning and safety checks before presenting choices.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal