top-rss-list

Security checks across malware telemetry and agentic risk

Overview

This is a simple Chinese RSS recommendation skill; its broad triggers may be annoying, but it does not request sensitive access or perform actions.

Safe to install from a security perspective. Expect possible unwanted activation on broad words like “top,” “AI,” or “新闻,” and verify feed rankings or links if accuracy matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases include extremely generic terms like "top", "热门", and "最热", which commonly appear in normal conversation outside the RSS-selection context. This can cause unintended skill activation, hijacking unrelated user requests and leading to incorrect behavior or response routing.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The category/topic trigger is defined as bare topic words like "AI", "科技", or "新闻" without requiring an RSS-selection intent. Because these are broad standalone terms, the skill may activate when a user is simply discussing those topics rather than asking for feed recommendations.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The default behavior says that in the absence of a specific instruction, the skill should automatically return a Top 10 list. This is risky because it removes the need for clear user intent and increases the chance of unsolicited activation in ambiguous conversations.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal