Ai Project Pricing Cn

Security checks across malware telemetry and agentic risk

Overview

This is a simple Chinese AI project pricing helper with no executable code, permissions, persistence, or hidden access.

Safe to install from a security perspective. Before relying on it for real client quotes, verify current model API prices and market assumptions independently, because the skill does not provide citations or a live pricing update process.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger terms are broad generic business phrases such as '估价', '报价', and 'AI 项目', which are likely to appear in normal conversation outside the intended scope of this skill. This can cause unintended activation, leading the agent to invoke pricing behavior when the user did not explicitly request this tool, which increases the chance of irrelevant responses, workflow interference, or accidental disclosure of skill-specific assumptions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal