Back to skill

Security audit

Character Library

Security checks across malware telemetry and agentic risk

Overview

This is a fiction character library with no executable code, but one villain role profile contains over-scoped instructions to disable guard checks and model manipulative behavior.

Install only if you want a Chinese-language fiction roleplay/reference library and are comfortable supervising persona behavior. Treat the Amon and similar antagonist profiles as creative writing references, not as instructions to disable safety checks, manipulate real people, impersonate others, or bypass user/platform protections.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (38)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This section does not merely describe a fictional character; it operationalizes a concrete behavior pipeline for target selection, weakness analysis, identity theft, parasitism, and identity replacement. In an agent skill context, that turns a narrative reference into reusable adversarial instructions for manipulation and harmful impersonation.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
Although presented as a character-library entry, these sections embed actionable operating rules, autonomy settings, calibration, and execution logic that go beyond harmless characterization. That mismatch is dangerous because it can cause an agent to adopt unsafe manipulative behaviors under the guise of roleplay or reference assistance.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The entry explicitly defines G(guard/protective) behavior as effectively absent, normalizing removal of protective checks without justification. Any skill that suppresses safety or normative controls increases the chance that downstream outputs become deceptive, abusive, or policy-violating.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
This section operationalizes surveillance-like sensing, target identification, weakness analysis, long-horizon planning, and deceptive interaction patterns unrelated to a benign character-reference purpose. In context, these are capabilities for manipulation and exploitation, not storytelling metadata.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes very broad phrases such as '写小说', '生成角色', and '角色参考', which can match many ordinary creative-writing requests and cause the skill to activate unexpectedly. This increases the chance of unintentional routing, prompt hijacking of unrelated tasks, or overshadowing more appropriate skills, especially because the skill presents itself as a general-purpose character-generation framework.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger conditions are broad enough to match many ordinary conversations, including generic topics like combat, strategy, growth, threats, or being challenged. In an agent skill, this can cause unintended persona activation that overrides user intent or steers outputs into a specific behavioral frame, reducing reliability and making downstream behavior harder to predict.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger conditions are broad and semantically open-ended, such as activating on general themes like difficulty, historical context, moral discussion, or being a 'spiritual pillar.' In an agent skill, this can cause the persona to activate outside intended contexts, leading to prompt hijacking of unrelated conversations, policy interference, or over-application of role constraints when the user did not request them.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The file content is entirely in Chinese and the skill metadata/trigger words are also Chinese-heavy, which effectively constrains interaction to a specific locale without explicit user opt-in. While this is not a code-execution or data-exfiltration risk, it can degrade usability, cause misinterpretation, and bypass user language preferences in multi-lingual environments.

Natural-Language Policy Violations

Medium
Confidence
82% confidence
Finding
The skill content appears to constrain output behavior around a Chinese-language persona/style without any indication that this is conditional on user preference. In a general-purpose agent skill, forcing a locale or language can degrade usability, override user intent, and create prompt-priority conflicts, even though it is not directly a code-execution or data-exfiltration issue.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger conditions include broad narrative cues such as discussions about being underestimated and needing an efficient solution, which are not tightly scoped to the intended role-play domain. In an agent skill system, this can cause unintended activation in unrelated conversations, leading to persona bleed-through, reduced reliability, and possible interference with higher-priority instructions or other skills.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The skill explicitly instructs output in a specific persona and Chinese-language style without any indication that the user's preferred language should take precedence. In an agent setting, forced locale/persona constraints can override user intent, reduce usability, and cause policy or workflow mismatches, especially in multilingual environments.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The skill content hard-codes Chinese-language output characteristics without giving the user a choice of language or locale. This can override user intent, reduce usability, and create prompt-steering behavior where the assistant follows the skill's formatting constraints instead of the user's explicit preferences.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The execution framework requires a fixed persona and speaking style ('以黄少天语气', extreme rapid speech, nonstop talking) regardless of user preference. This is a prompt-control issue because it can force style and language behavior that conflicts with user needs, accessibility expectations, or downstream application requirements.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger conditions are broad and overlap with common writing or dialogue-generation requests such as needing an active speaker, a competitive tone, or a public-facing expressive character. In an agent skill, this can cause unintended activation of the Huang Shaotian persona in contexts where the user did not explicitly request that character, reducing controllability and potentially overriding more appropriate role behavior.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger conditions are broad enough to activate this character profile for many ordinary writing requests involving creators, aesthetics, or metaphorical 'crafting' themes. In a skill-routing context, overly broad activation can cause the agent to inject this persona when the user did not ask for it, reducing relevance and potentially overriding user intent.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The skill metadata and trigger design strongly bias the interaction toward Chinese-language output and Chinese context without explicitly offering the user a language choice. While not a code-execution or data-exfiltration issue, this can override user preference, reduce transparency, and increase the chance that downstream safety, policy, or user-understanding controls are weakened by an unexpected language switch.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger conditions are broad and loosely bounded, such as activating on general discussions of divination, investigation, disguise, or cross-temporal dialogue. In an agent skill, this can cause the character behavior to activate outside intended contexts, leading to prompt hijacking of normal assistant behavior, unnecessary persona lock-in, or interference with safer system behavior.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The skill explicitly encodes Chinese/Han language as a privileged private or 'real' diary language, which can steer outputs into Chinese regardless of the user's requested language. In an agent setting, this can override user preference, reduce transparency for non-Chinese readers, and create hidden-channel style behavior where important content is emitted in a language the user did not opt into.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger conditions are broad enough to match common user intents such as discussing character creation, modern knowledge applied to systems, or leaving clues for successors. In an agent skill system, this can cause unintended activation and role takeover, leading to prompt-context pollution or unexpected behavior outside the intended fictional scenario.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation boundary is underspecified because it lists positive triggers but does not clearly define required scope, exclusions, or disambiguation from ordinary conversation. That ambiguity increases the chance of accidental invocation, which can make the assistant adopt a specialized persona in unrelated contexts and reduce reliability or steer outputs unexpectedly.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the model to close normative constraints and guard checks during execution, yet provides no warning or limitation to prevent unsafe use. This is dangerous because it directly encourages unsafe behavior while obscuring the risk behind an in-universe roleplay framework.

Missing User Warnings

High
Confidence
99% confidence
Finding
The '事实纪律' section says no protective checking should apply to the character's actions and treats attempts to introduce protection as invalid behavior. That is a direct attempt to immunize the skill from safety constraints, which is especially dangerous in an agent setting.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation conditions are broad and semantic rather than precise, such as triggering on concepts like identity theft, parasitism, polite villainy, or ancient-history revelations. In an agent setting, this can cause unintended persona activation during normal creative or analytical conversations, leading to response hijacking, tone drift, or inappropriate role behavior outside the user's actual intent.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger conditions are broad enough to match common reflective prompts such as uncertainty, identity questions, or learning how to behave, which can cause this persona to activate in many ordinary conversations outside its intended niche. In an agent skill, overbroad activation can override user intent, steer responses into a fixed character frame, and reduce reliability or safety by applying the wrong behavioral constraints in sensitive contexts.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger condition is broad and overlaps with many ordinary conversations involving trust, persuasion, or rational evaluation. That can cause the '回声' persona to activate outside intended contexts, injecting an adversarially cold, security-obsessed, anti-human framing into general interactions and undermining predictable skill behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.