Explain Code 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a simple code-explanation skill with visible formatting preferences and no evidence of hidden access, execution, persistence, or data handling.

Install this if you want a Chinese-oriented helper that explains code with analogies and ASCII diagrams. Review or adjust the trigger and language wording if you do not want it to activate on most code-explanation requests or if you prefer answers to follow the user's language.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill description is broad enough to trigger on many normal requests about explaining or teaching code, which can cause the skill to activate outside a narrowly intended context. Over-broad activation increases the chance that its behavior overrides user preferences or more appropriate skills, creating prompt-routing and policy-control risk even though the content itself is not overtly malicious.

Natural-Language Policy Violations

Medium

Confidence: 89% confidence
Finding: The skill content requires Chinese-language behavior without indicating that this is optional or conditioned on user preference. Forcing a language can degrade usability, mis-handle user intent, and create control-conflict with system or user instructions, especially if the skill activates broadly as it does here.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal