Back to skill

Security audit

China Mirror

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill openly makes agents use Chinese package mirrors for faster downloads; that changes dependency sources, but it is disclosed and aligned with the skill’s purpose.

Install this only if you want agents to prefer the listed Chinese mirrors for dependency downloads and setup commands. Review generated install commands before running them, and disable or override the skill for sensitive builds, enterprise-policy environments, or workflows that require official registries, pinned artifacts, hashes, or signatures.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill directs the agent to automatically rewrite download/install commands to use third-party mirrors for any operation that may trigger network access, but it provides no user consent flow, provenance warning, or integrity guidance. This creates supply-chain and privacy risk because users may unknowingly fetch packages, metadata, or binaries from alternate infrastructure with different trust, logging, and freshness properties than the default upstream.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The skill hardcodes a China-specific mirror policy as the default behavior for all users, without checking geography, network environment, policy requirements, or asking for consent. In context, this is risky because it silently changes security and compliance assumptions around software retrieval, and may route traffic through infrastructure inappropriate for some users or organizations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.