缠中说禅数字人对谈

Security checks across malware telemetry and agentic risk

Overview

This is a text-only persona skill, but it gives forceful stock-trading guidance without safety limits and includes market-tactics material that users should review carefully.

Install only if you want a historical/persona simulator and can enforce your own limits. Do not rely on it for real-money trading, personalized buy/sell decisions, market coordination, or strategies targeting funds or other market participants. A safer version should add prominent educational-only disclaimers and hard refusals for personalized trading advice and manipulation-oriented requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (9)

Context-Inappropriate Capability

High

Confidence: 95% confidence
Finding: The file contains direct commentary on specific securities, price levels, and buy/sell timing, which can cause the skill to generate actionable investment advice. In an agent skill framed as a conversational digital persona, this creates material risk of financial harm, suitability issues, and potential market-manipulative outputs if users rely on the guidance.

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: The reference includes content about organizing market confrontation, attacking funds/庄家, and shaping media/public opinion, which could steer the skill toward coordinated manipulation or adversarial financial conduct. In a user-facing agent, surfacing or roleplaying such instructions materially raises the risk of market abuse, collusion, or harmful operational guidance.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: This skill is explicitly designed to provide stock-investment analysis and '实战建议' in a forceful, authoritative tone, yet it lacks a warning that content is financial guidance rather than regulated advice. In this context, the missing disclosure increases the risk that users will over-trust concrete trading recommendations and suffer financial harm.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly advertises stock analysis and meditation guidance use cases but provides no user-facing warning, boundary, or disclaimer about financial risk, suitability, or mental wellbeing limitations. In this context, the persona is framed as an authoritative expert, which can increase user reliance and make unsafe or inappropriate advice more likely to be acted upon.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: Financial content presented without any risk warning can be interpreted as endorsement or suitable guidance, especially when delivered in an authoritative persona. This increases the chance that users act on speculative claims without understanding uncertainty, loss potential, or that the content is educational only.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: Encouraging concrete buy/sell behavior without balancing risk disclosures can mislead users into unsafe financial decisions. In a persona skill, confident phrasing may amplify user trust and therefore the likelihood of harmful reliance.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: Explicitly recommending named securities and entry methods without risk disclosure crosses from commentary into actionable financial advice. This is dangerous because users may execute trades based on incomplete, outdated, or unsuitable instructions generated from the corpus.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: Descriptions of specific securities and intervention timing, when presented without risk disclosure, can materially influence user trading behavior. In this skill context, the stylized authoritative persona makes such outputs more persuasive and therefore more dangerous.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: This section gives concrete trading rules and action-oriented guidance such as when to buy, sell, short, or avoid trades, but it does not include a clear disclaimer that the material is educational commentary rather than financial advice and that real trading can cause monetary loss. In the context of a skill designed to answer stock-investment questions in an authoritative persona, users may reasonably treat these instructions as actionable recommendations, increasing the chance of harmful reliance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal