福利彩票(welfare-lottery)

Security checks across malware telemetry and agentic risk

Overview

This skill fetches public Chinese welfare lottery results and offers disclosed, entertainment-framed number analysis without credential use, persistence, or hidden data handling.

Safe to install for checking public 双色球 results. Treat any predicted numbers as entertainment, verify draw results against the official source, and do not provide credentials or personal data because this skill has no reviewed need for them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger list is extremely broad and includes many generic lottery-related phrases, which can cause the skill to activate for ordinary conversation rather than a clear user request. Unintended invocation can lead to irrelevant tool use, unexpected external data fetching, and a degraded safety boundary because the skill may act without sufficiently explicit user intent.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal