Security audit

程维思维操作系统 v2.0

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only strategy persona skill with no code execution, system access, credential use, network behavior, or persistence.

Safe to install from a security-permissions standpoint. Use it as a business strategy lens, verify factual claims independently, and remember that first-person outputs are simulated rather than authentic statements from Cheng Wei.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The skill defines several broad activation phrases, including generic variants such as “程维会怎么看” and “cheng wei perspective,” without clear scoping or exclusions. This can cause unintended activation in normal conversation and unexpectedly switch the assistant into a persuasive strategic persona, which may override user intent or inject the skill into contexts where it is not appropriate.

Natural-Language Policy Violations

Medium

Confidence: 90% confidence
Finding: The skill states that once activated it will respond in Cheng Wei’s first-person perspective and fixed style, without offering a user choice of language or a non-persona mode. This can mislead users about the source of claims, reduce transparency, and make the model adopt a role-play framing in situations where neutral analysis or another language would be safer and more appropriate.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal