Flutter Expert

Security checks across malware telemetry and agentic risk

Overview

This is a simple Flutter coding-advice skill with no executable code, credential access, persistence, or hidden behavior.

Install only if you want Flutter answers to be steered toward this skill's preferred stack and style, especially Riverpod, GoRouter, clean architecture, and Chinese-language expert guidance. Review any generated code or suggested Flutter commands before applying them to a project.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The README states that the skill will automatically activate for general Flutter-related help, which is an overly broad trigger surface for a specialized agent skill. In an agent environment, broad activation can cause the skill to be invoked for many routine requests, increasing the chance of unintended instruction injection, user confusion, or the skill influencing tasks outside its intended scope.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The activation guidance '当用户请求 Flutter 相关帮助时' is very broad and lacks scope boundaries, so the skill may engage on nearly any Flutter-related prompt. Over-broad activation can cause the agent to apply specialized instructions in unintended contexts, increasing the chance of inappropriate tool use, misleading authority, or interference with other safer/more relevant skills.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal