萤火虫空压机节能评估助手

Security checks across malware telemetry and agentic risk

Overview

The only identified issue is an over-strict Chinese-only response rule, which is a usability concern rather than evidence of unsafe behavior.

This skill appears acceptable to install from a security perspective. Users who need English or another language should be aware that the skill may force Chinese responses unless the publisher updates the wording to respect user preference.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The skill explicitly requires Chinese-only output regardless of user preference, which can override user choice and reduce accessibility for users who need another language. While this is not a classic security flaw, it is a policy/compliance issue that could be abused to constrain communication or prevent clear disclosure in a language the user understands.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal