Web3 AI Agent项目专业筛选器

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable Web3 project screening prompt that uses public web searches to produce an investment-style report, with no hidden code or persistent access.

Install if you want a Chinese-language Web3 project screening assistant that searches public data and produces investment-style analysis. Use public project names, avoid confidential portfolio or deal information if search queries may be logged, and verify financial claims against primary sources before acting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding:
The skill is invoked whenever a user provides a project name or description, which is a very broad trigger for a general investment-analysis workflow. Broad activation can cause unintended routing of unrelated prompts into this skill, leading to incorrect task handling, surprise tool usage such as web searches, and reduced user control over when the skill runs.

Natural-Language Policy Violations

Medium
Confidence: 81%
Finding:
The description and content strongly imply Chinese-only output without checking the user's language preference. While not a direct code-execution risk, forced language output can degrade usability, miscommunicate investment-risk information, and cause users to miss warnings or misunderstand analysis if they did not request Chinese.

VirusTotal

52/52 vendors flagged this skill as clean.
