Internet Conversion Os

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese-language marketing conversion strategy skill with no executable code, hidden data access, credential handling, or persistence.

Install this if you want a Chinese-language assistant for internet marketing and conversion strategy. Be aware it may activate for a wide range of growth, content, monetization, positioning, and trust-building requests, so users who need a narrower specialist or another language should choose invocation wording carefully.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill’s activation scope is framed so broadly that it can be invoked for nearly any marketing, growth, positioning, trust-building, or monetization task. In an agent setting, this increases the chance of inappropriate routing, over-delegation, and use outside the author’s intended boundaries, which can lead to unsafe autonomy or poor handling of adjacent domains.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill metadata and instructions are written as Chinese-only without giving the user a language choice or stating a justified locale constraint. This can cause user intent mismatch, reduce transparency, and create reliability and accessibility issues when the surrounding system or user expects another language.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal