Li Bin Perspective V2

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk persona and strategy-guidance skill made of Markdown text, with no code execution, credential access, external calls, or persistence.

This appears safe to install from a security perspective. Treat it as a simulated public-information business perspective, not an official statement from Li Bin or NIO, and verify factual, financial, or strategic claims before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (88% confidence)
Finding
The trigger phrases include common business terms such as “用户企业” and “换电模式,” which could be mentioned in ordinary discussion and unintentionally activate the skill. This is not a classic security exploit, but it can cause unintended persona takeover or response-shaping, especially in multi-skill environments where routing depends on loose phrase matching.

Natural-Language Policy Violations

Medium (84% confidence)
Finding
The skill states that, once activated, it will respond in a fixed style without offering language choice, which can override user preference and reduce transparency about output constraints. In security terms this is a policy/control weakness rather than a direct exploit, but it can degrade user agency and create unexpected behavior in broader systems.

VirusTotal

65/65 vendors flagged this skill as clean.
