Back to skill

Security audit

Solopreneur OS

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese, Markdown-only solo-business planning skill with no executable code, credential access, or hidden persistence, though users should treat its legal, tax, and financial content as advisory.

Install this if you want a Chinese-language framework for solo-business planning and workflow restructuring. Review outputs carefully before using them for contracts, taxes, company registration, customer data, payments, or financial commitments, and involve qualified legal, tax, accounting, or compliance professionals for real decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger list contains broad terms such as 'solopreneur', '独立开发者', and '微创业', which can match many ordinary user requests and cause this skill to activate outside its intended scope. Over-broad activation can steer unrelated conversations into this skill's framework, increasing the chance of inappropriate guidance, unwanted instruction injection into normal workflows, or accidental override of more suitable domain-specific skills.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The file is entirely in Chinese and does not offer a language choice or opt-in, which can prevent users from understanding instructions, limitations, and safety-relevant caveats. In an agent skill that guides workflow generation and may touch compliance, search, and content production, language opacity can cause users to unknowingly authorize actions or rely on outputs they cannot adequately review.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrase "帮我找OPC的突破方向" is broad and overlaps with ordinary brainstorming or business-advice requests, which can cause the skill to activate when the user did not explicitly intend to invoke this capability. In an agent environment, overly generic activation phrases increase the risk of unintended execution, context hijacking, and accidental disclosure or action under the wrong workflow.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.