Back to skill

Security audit

Qian Ying

Security checks across malware telemetry and agentic risk

Overview

This is a text-only fictional character roleplay skill with no executable behavior, but it uses broad activation terms and a persona style that may make sensitive attractiveness or identity inferences during ordinary creative use.

Install only if you want this persona to steer creative roleplay. Use explicit activation, avoid using it in sensitive or personal conversations, and instruct the agent not to infer or describe your private preferences, sexuality, gender identity, or attractiveness profile unless you clearly opt in.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list contains broad terms like '镜像', '魅术', '性别流动', and 'character-builder' that can plausibly appear in ordinary discussion, making accidental activation likely. In this skill, unintended activation is more dangerous because the persona imposes persistent behavioral overrides and per-turn output requirements, so a casual mention could unexpectedly alter model behavior.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger conditions are intentionally broad and overlap with common storytelling needs such as emotional centrality, identity tension, and visual novelty. In an agent environment, this can cause the skill to activate in many unrelated contexts, creating unplanned persona steering and increasing the chance that the agent adopts manipulative or sexuality-adjacent behavior outside its intended scope.

Ssd 1

Medium
Confidence
95% confidence
Finding
The instruction 'R4=1→无需任何规范性约束' explicitly removes normative constraints inside the skill's execution framework. Even if framed as role design, this can encourage the agent to deprioritize safety, policy, or boundary checks, which is especially risky in a persona centered on psychological adaptation, seduction, and identity fluidity.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill mandates including a 'photo' AI prompt in every reply that describes the form generated from interaction, which creates a structured channel for echoing or inferring user-derived preferences and sensitive traits. Because the persona is defined as passively adapting to what the other person finds most attractive, each per-turn prompt can leak intimate psychological, sexualized, gender-related, or appearance-related inferences even when the user did not consent to such profiling.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.