滑雪场查询

Security checks across malware telemetry and agentic risk

Overview

This is a local Chinese-language ski resort lookup tool with no evidence of hidden data access, network use, persistence, or destructive behavior.

Install if a Chinese-language, offline ski resort reference tool is what you want. Treat resort prices and season details as static reference data, not live conditions or booking information.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Natural-Language Policy Violations

Medium

Confidence: 94% confidence
Finding: This Python skill contains user-facing natural-language descriptions entirely in Chinese, beginning with the module docstring. Across the file, prompts and outputs assume Chinese input/output and do not offer any language or locale opt-in, which can violate a language/locale policy requiring user choice.

Natural-Language Policy Violations

Medium

Confidence: 96% confidence
Finding: The command responses, help text, and error messages in this range are hardcoded in Chinese, so the skill operationally enforces a single language for all users. There is no visible mechanism for selecting another language or acknowledging that the skill is intentionally region-specific.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal