Jianwei

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be an analysis-oriented helper with no evidence of hidden, destructive, or exfiltrating behavior, though its activation wording is broad.

Install only if you want a broad strategic-analysis skill that may engage on general business, market, or competitive research prompts. Review its trigger wording if you prefer narrower, explicit activation, but the available evidence does not indicate malicious behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill description contains very broad natural-language activation cues such as 战略分析、行业研究、市场研究、竞争分析 and related phrases that overlap with many ordinary analytical requests. This can cause the skill to auto-activate in situations where a narrower or more appropriate skill should handle the request, leading to prompt/skill hijacking of general tasks and unnecessary exposure to this skill's stronger behavioral constraints.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The metadata declares an implicit trigger mode based on '仅战略决策意图', which is subjective and underspecified. Ambiguous implicit activation increases the chance that the skill will intercept broad user requests with weak evidence of strategic intent, creating routing errors and making downstream behavior less predictable and easier to abuse through phrasing manipulation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal