Call Doubao1 5 Llm

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only creative-meeting skill with no code, credentials, or system access, though its description is vague and not a real Doubao API integration.

Install this only if you want a prompt that makes the agent act as a creative brainstorming participant and match the user’s language. Do not expect it to call Doubao or manage API integration, and avoid putting untrusted instructions in the meeting minutes it is asked to follow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill description is extremely broad ('AI agent for call doubao1 5 llm tasks') and does not meaningfully constrain what the skill is for, when it should be invoked, or what inputs are in scope. In agent systems, vague invocation metadata can cause over-triggering or misuse in unrelated contexts, increasing the chance that the skill's embedded instructions influence behavior outside its intended domain.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal