Solo Mcn Domain

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed self-media operations reference skill with no executable code, though users should note it tries to auto-install and delegate to a UTOS dependency when activated.

Install this if you want a structured Chinese MCN/self-media workflow reference. Be aware that activation may be broad, and the skill tells the agent to install/load universal-task-os automatically; review or require confirmation for that dependency if you do not want skills added during normal content requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill metadata advertises very broad trigger terms such as '自媒体', 'SEO', '视频', and '数据分析', which are common across many ordinary user requests. This can cause accidental activation in unrelated contexts, unexpectedly injecting the skill’s instructions and dependency behavior, including attempted UTOS installation/load logic, into conversations where the user did not intend to use this skill.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The example invocation section uses highly generic phrases like '帮我写一个60秒抖音口播脚本' and '帮我排个期', which overlap with normal assistant usage rather than explicit skill calls. In systems that learn or match from examples, this increases unintended routing to the skill and can expand the blast radius of its automatic delegation and operational instructions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal