海外中餐短视频变现系统

Security checks across malware telemetry and agentic risk

Overview

This is a text-only planning skill for overseas Chinese restaurant short-video marketing, with no evidence of unsafe access, hidden behavior, or persistence.

This is low-risk to install as a content-planning/template skill. Review generated marketing claims and scripts before publishing, follow platform and advertising rules, and do not provide account credentials or sensitive business secrets because the skill does not need them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger conditions are broad enough to activate on many ordinary conversations about Chinese food, restaurants, or promotion, which can cause the agent to invoke this skill when the user did not clearly request short-video marketing help. Over-broad invocation increases the chance of irrelevant guidance, unwanted steering, and context hijacking by a domain-specific workflow.

Natural-Language Policy Violations

Medium

Confidence: 79% confidence
Finding: The skill is written entirely in Chinese and does not instruct the agent to detect or honor the user's preferred language, which can lead to responses in an unexpected language. This is primarily a usability and policy-compliance risk rather than a direct security flaw, but it can degrade user trust and cause incorrect or inaccessible guidance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal