Security audit

Xiao Chuang You Fashion

Security checks across malware telemetry and agentic risk

Overview

This appears to be a fashion guidance skill with a minor risk of triggering too broadly, not evidence of unsafe behavior.

Install if you want fashion or styling help, but expect that generic clothing terms may activate it in ordinary shopping or outfit conversations. Review its suggestions as advice only and avoid sharing sensitive personal information unless necessary.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The activation keywords include very broad everyday terms such as “衣服” and “裙子,” which can cause the skill to trigger on generic shopping or clothing discussions that were not meant for this specialized fashion skill. This is primarily a scope-control issue rather than a direct security exploit, but unintended activation can lead to wrong-skill routing, reduced reliability, and increased exposure of the skill’s instructions in unrelated contexts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal