Back to skill

Security audit

Domain Payload Generator

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed meta-skill for generating UTOS-compatible skill scaffolds, with no evidence of hidden code execution, exfiltration, or destructive behavior.

Install if you want a Chinese-language meta-skill that creates UTOS-compatible skill scaffolds. Before using it, confirm that you are intentionally asking it to generate a skill and that any output directory is a workspace path you are comfortable modifying.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are broad enough to match ordinary requests like creating a knowledge base or reference library, which can cause the meta-skill to activate outside the user's likely intent. Because this skill can generate structured artifacts and drive downstream file creation workflows, accidental activation increases the chance of unintended behavior and scope escalation.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation rule says the skill activates when the user requests a new knowledge reference library or domain payload skill, but it does not clearly distinguish that from normal content-generation requests. This ambiguity can lead the agent to invoke a higher-privilege generation workflow when the user may have only wanted informational output, increasing the risk of unintended tool use and workflow execution.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to write generated output into a specified directory, but there is no user-facing warning or explicit consent requirement for filesystem modification. In agent environments with write capabilities, this can cause unauthorized or unexpected file creation, overwrite risks, and persistence of generated content beyond what the user intended.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill metadata and content indicate broad trigger phrases such as '领域负载物', '技能制作', '新领域技能', and 'domain payload', which are generic enough to overlap with normal user requests. This can cause unintended activation of the meta-skill in unrelated conversations, potentially steering task generation, exposing internal scaffolding, or causing the wrong skill to handle a request.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The workflow is designed to respond to broad user requests like '帮我做一个XX领域知识参考库' without any explicit activation boundaries, authorization checks, or narrowing conditions. In a meta-skill that generates other skills, overly generic trigger language can cause unintended activation, making it easier to invoke high-impact generation behavior in contexts where the user did not clearly request a full skill-construction workflow.

Natural-Language Policy Violations

Medium
Confidence
83% confidence
Finding
The file is entirely written as a Chinese-only operational workflow and provides no indication that language should follow user preference or system locale. This can coerce interactions into Chinese in multilingual environments, increasing the risk of user misunderstanding, incorrect task execution, or hidden prompt behavior if the surrounding platform expects language neutrality.

VirusTotal

47/47 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.