Wenxuecity News Rankings

Security checks across malware telemetry and agentic risk

Overview

This skill narrowly fetches public Wenxuecity ranking lists and formats them, with no evidence of credential use, hidden persistence, destructive behavior, or unrelated data access.

Install this if you are comfortable with your agent contacting Wenxuecity when you ask for those rankings. Use the default source URL unless you intentionally want another page, and choose any --output path carefully because the script will create or overwrite that file.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill enables implicit invocation without any visible trigger constraints, which means the agent may call this skill automatically based on broad semantic matching rather than explicit user intent. Because the skill performs external fetching from a news site, this increases the chance of unintended network access, surprise tool use, and data flow outside the immediate user request, even though the skill’s purpose itself appears benign.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal