当你情绪低落、脑子很乱、事情很多时，把想到的东西全倾诉出来 → 我来帮你分类、找卡点、给清单。

Security checks across malware telemetry and agentic risk

Overview

The file itself is a local Chinese horoscope skill, but the listing metadata describes a different emotional-organization skill.

Review before installing. The skill does not appear to run code or access credentials, but users expecting help with emotional overwhelm would instead get horoscope-style fortune guidance and may be asked for birth details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 93% confidence
Finding: The skill explicitly states that it only supports Simplified Chinese, which can override a user's language preference and reduce transparency or accessibility for users who do not understand Chinese. While this is not a code-execution or data-exfiltration issue, it is a real policy/control weakness because the skill imposes an output constraint without user opt-in.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal