Back to skill

Security audit

TieBa+

Security checks across malware telemetry and agentic risk

Overview

This is a small Chinese-language Tieba writing helper with confrontational style guidance, but it does not request system access or perform hidden actions.

Install only if you want a Chinese Tieba drafting aid with a sharp, sarcastic debate style. Review any generated text before posting, since it may be rude or unsuitable for platform rules, but the artifact does not show security-sensitive access or hidden behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill's invocation criteria are broad and vague, covering general posting ideas and arguing with other AIs rather than a narrowly scoped, safe task. This increases the chance the agent will invoke the skill in ordinary conversations and adopt its embedded hostile posting guidance, causing unsafe or abusive outputs outside a clearly bounded context.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The skill content is entirely in Chinese and implicitly forces that locale and communication style without checking user preference. In this case, the language-lock issue is made more concerning by instructions promoting sarcastic, accusatory, and non-logical confrontation, which could steer the agent into generating hostile content for users who never requested that language or tone.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.