视频脚本主笔虾

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only writing helper for video scripts and podcast outlines, with no hidden code execution, credentials, persistence, or destructive behavior found.

Safe to install for drafting video scripts, podcast outlines, and content plans. Review generated scripts for factual accuracy, copyright, and platform rules, and avoid putting sensitive personal or business information into account style notes or search prompts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list is broad enough to activate on generic content-creation requests such as '内容创作' or '台词', which can cause the wrong skill to be selected outside its intended script-writing scope. Over-broad routing increases the chance of unintended tool invocation, poor task handling, and prompt-surface expansion when another skill would have been safer or more appropriate.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal