闪兑骑士 Flash Redeem Knight

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for redeeming user-provided prepaid coupon links, with clear checks to avoid extra payment or unintended redemption.

Install only if you want an agent to redeem prepaid H5 coupons for you. Before final confirmation, verify the coupon is already paid, the store and items are correct, and no extra payment is required. Be cautious about saving preferences that allow coupon consumption without fresh confirmation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The manifest description says the skill provides 'universal browser automation' for prepaid redemption links, which is a broad invocation phrase with weak trigger constraints. That can cause the agent to activate on loosely related requests involving coupon links or redemption workflows and autonomously perform account-affecting actions such as consuming a prepaid voucher, increasing the risk of unintended or unauthorized redemption.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal