Gamification

Security checks across malware telemetry and agentic risk

Overview

This is a text-only gamification design skill with no evidence of hidden commands, data access, persistence, or destructive behavior.

Install if you want a Chinese-language assistant for gamification plan design. Review the broad trigger terms if you prefer skills to activate only on very explicit requests, but the artifact is text-only and the supplied static scan and VirusTotal telemetry are clean.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger list contains broad phrases such as '游戏化', '游戏机制', and '参与驱动' that are common in ordinary discussion and may cause unintended activation of the skill. While this does not directly enable code execution or privilege escalation, it can route unrelated user requests into this skill unexpectedly, increasing the chance of prompt-scope confusion and misuse of the skill in contexts where it was not intended.

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: The file is entirely authored in Chinese and does not provide any user-language selection, fallback behavior, or documented justification for a Chinese-only constraint. In a general-purpose agent skill, this can cause users or downstream reviewers to misunderstand instructions, outputs, or limitations, reducing transparency and potentially leading to misuse or incorrect acceptance of generated plans.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal