Security audit

Forklift Parts Livestream Operations Assistant (叉车配件直播运营助手)

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only forklift-parts livestream sales assistant with ordinary customer-inquiry privacy considerations but no hidden execution, persistence, or unsafe behavior.

Safe to install for drafting forklift-parts livestream scripts and inquiry templates. Before using it operationally, verify all prices, stock, fitment, warranty, shipping, promotions, and product claims manually, and collect only necessary customer information with consent in a controlled storage location.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly instructs collection of customer and equipment details, including photos, model information, usage conditions, and later reference to contact/follow-up content, but it does not warn users about privacy handling, minimization, or consent. In a sales-assistant context, this can lead to unnecessary collection or unsafe sharing of potentially sensitive business and personal data, increasing privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The form explicitly collects personal and business contact data, including customer name, phone number, location, and company details, but provides no notice about how the data will be used, stored, shared, or retained. In a sales and customer follow-up workflow, this increases privacy, compliance, and misuse risk because operators may gather and retain identifiable information without informed consent or clear handling rules.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.