China Hot Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only trend-monitoring helper that fetches public Chinese hot-list pages and suggests content topics, with no evidence of hidden access, persistence, or account-changing behavior.

Before installing, be aware that general Chinese requests like “what is hot recently” or “help me find a content topic” may activate this skill and fetch public trend pages. Review generated topic recommendations before publishing or using them for business decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases include very broad, everyday requests such as asking what is popular or what content to post, which can cause the skill to activate unexpectedly outside clear user intent. This creates a prompt-routing vulnerability where unrelated conversations may be diverted into this skill, leading to incorrect tool use, unwanted web fetching, and degraded user control.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal