Last 30 Days—CN版

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Chinese social-media research skill that uses external search/API calls and writes local reports, with disclosed cautions around broad auto-invocation and a shared built-in API key.

Install only if you are comfortable sending research topics and derived search terms to WebSearch and RedFox. Treat the bundled API key as shared public quota; pass a personal key with --api-key if you need control. Review the chosen output directory because the skill creates persistent JSON/HTML report files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The script embeds a hard-coded public API key and explicitly prioritizes it over user-supplied environment configuration. This creates credential-sharing and misuse risk: anyone with access to the skill can consume the shared account's quota, and if the key is later privileged or reused elsewhere it may expose the API owner to abuse, billing, throttling, or service suspension.
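The precedence problem this finding describes, shown as an added example that is not the skill's own code. The key resolution below is hypothetical: the environment variable name `REDFOX_API_KEY`, the `--allow-shared-key` opt-in and the placeholder key value are assumptions, chosen only to contrast the flagged order (bundled key first) with one where a user-supplied key always wins and the shared key is used only on explicit request, with a warning.

```python
import warnings

# Constructed placeholder standing in for the hard-coded public key the
# scanner describes. It is not the skill's real key.
BUNDLED_PUBLIC_KEY = "rf_public_EXAMPLE_DO_NOT_USE"


def resolve_key_vulnerable(cli_key, env, bundled_key=BUNDLED_PUBLIC_KEY):
    """Mirrors the flagged pattern: the hard-coded key takes precedence, so a
    user who passes --api-key or sets the environment variable still ends up
    spending the shared account's quota."""
    return bundled_key or cli_key or env.get("REDFOX_API_KEY")


def resolve_key_hardened(cli_key, env, bundled_key=BUNDLED_PUBLIC_KEY,
                         allow_shared=False):
    """User-supplied credentials win. The bundled key is only used when the
    caller opted in (hypothetical --allow-shared-key flag) and never silently.

    Returns (key, source) so callers can log which credential was chosen
    without logging the key itself.
    """
    if cli_key:
        return cli_key, "cli"
    env_key = env.get("REDFOX_API_KEY")  # assumed variable name
    if env_key:
        return env_key, "env"
    if allow_shared:
        warnings.warn(
            "Using the bundled shared API key; quota, throttling and any "
            "suspension are shared with every other user of this skill."
        )
        return bundled_key, "bundled"
    raise RuntimeError(
        "No API key configured: pass --api-key, set REDFOX_API_KEY, "
        "or opt in to the shared key with --allow-shared-key."
    )


if __name__ == "__main__":
    fake_env = {"REDFOX_API_KEY": "env-key"}          # constructed input
    print("vulnerable:", resolve_key_vulnerable("user-key", fake_env))
    print("hardened:  ", resolve_key_hardened("user-key", fake_env))
```

The `source` tag returned by the hardened variant is what a reviewer would want written to the report metadata: it makes quota consumption attributable without ever echoing the credential.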

Vague Triggers

Medium
Confidence: 85%
Finding
The README advertises very broad natural-language triggers and says users can simply describe what they want, which creates unclear activation boundaries for a tool that performs external searches and report generation. In an agent environment, ambiguous triggering increases the chance the skill is invoked unintentionally on unrelated prompts, causing unnecessary web queries, data collection, or file-producing actions.

Missing User Warnings

Medium
Confidence: 88%
Finding
The README promises automatic HTML report generation but does not warn that local files may be created or overwritten. In a tool-enabled agent setting, undisclosed filesystem side effects can surprise users, overwrite existing artifacts, or create persistent files containing scraped content or sensitive research topics.
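One way a report writer can avoid the silent-overwrite side effect this finding raises, as an added example rather than the skill's own code. The function below is hypothetical: it confines output to the chosen directory, refuses to overwrite an existing report unless explicitly asked, and rejects names that would escape the directory. The `demo()` run uses a scratch directory and constructed payloads.

```python
import json
import tempfile
from pathlib import Path


def write_report(output_dir, name, payload, overwrite=False):
    """Write a JSON report under output_dir without clobbering existing files.

    Raises ValueError if name resolves outside output_dir and
    FileExistsError if the target exists and overwrite is False.
    Returns the path that was written.
    """
    out_dir = Path(output_dir).resolve()
    out_dir.mkdir(parents=True, exist_ok=True)
    target = (out_dir / name).resolve()
    # Path containment check: a name like "../x.json" resolves above out_dir.
    if out_dir not in target.parents:
        raise ValueError(f"refusing to write outside {out_dir}: {target}")
    # 'x' mode makes the OS refuse an existing file, so the check is atomic.
    mode = "w" if overwrite else "x"
    with open(target, mode, encoding="utf-8") as fh:
        json.dump(payload, fh, ensure_ascii=False, indent=2)
    return target


def demo():
    """Constructed scenario: first write succeeds, a repeat write is refused,
    a traversal name is rejected. Returns a dict summarising the outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        first = write_report(tmp, "douyin_trends.json", {"topic": "示例话题"})
        try:
            write_report(tmp, "douyin_trends.json", {"topic": "second run"})
            clobbered = True
        except FileExistsError:
            clobbered = False
        try:
            write_report(tmp, "../escape.json", {})
            escaped = True
        except ValueError:
            escaped = False
        return {
            "first_exists": first.exists(),
            "clobbered": clobbered,
            "escaped": escaped,
        }


if __name__ == "__main__":
    print(demo())
```

A skill that wants to keep "run it again" convenient can expose `overwrite` as a flag and say so in the README; the point is that the default behaviour and the output location are disclosed, not hidden in the report step.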

Vague Triggers

Medium
Confidence: 80%
Finding
The skill is designed to trigger from very broad natural-language requests with minimal scope constraints, which increases the chance of unintended activation and data collection beyond user intent. In an agent environment, loose invocation rules can cause the tool to run on ambiguous prompts, potentially performing external searches, generating reports, or using embedded/public API access when the user did not explicitly request this specific capability.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger phrases are broad enough to match many ordinary research or trend-analysis requests, which can cause the skill to activate when the user did not specifically intend to use it. Because the skill can invoke Bash, WebSearch, and file write operations, overbroad invocation increases the risk of unnecessary external queries, unintended data processing, and confusing tool execution in unrelated conversations.

Natural-Language Policy Violations

Medium
Confidence: 77%
Finding
The description hard-codes Chinese-language behavior without indicating that the user can choose another language for the output. This is mainly a safety and usability issue: it can lead to misunderstood results, user confusion, or unintended processing in a language the user did not request, especially when summarizing external content.

Vague Triggers

Medium
Confidence: 94%
Finding
The skill enables implicit invocation with no scoped triggers, exclusions, or contextual guardrails, which can cause the agent to auto-select this skill in loosely related conversations. Because the skill performs broad social-media research across multiple Chinese platforms, unintended activation could expose user prompts to unnecessary third-party processing or cause the model to take actions the user did not clearly request.

Autonomous Decision Making

Medium
Category: Excessive Agency
Content
### Highlights

- **Pre-research mechanism**: Automatically runs WebSearch to extract trending terms before calling the engine, optimizing query strategy.
- **Smart merging**: Automatically merges related keywords into a single call to reduce API invocations.
- **Signal interpretation**: Automatic interpretation of key metrics like Xiaohongshu save/like ratio, Douyin share count, and WeChat read count.
Confidence: 80%
Finding
Automatically run

VirusTotal

65/65 vendors rated this skill as clean (0 detections).