The National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT) issued a security advisory on Tuesday, warning that certain malicious AI agent skill packages (Skills) pose jailbreak and crypto-mining risks, and urging users and relevant operating units to strengthen review and monitoring to prevent related security risks.
Conceptual diagram of AI (Photo: VCG)
Agent Skills are portable packages of instructions, scripts, and resources that give agents specialized capabilities and domain expertise.
In a notice posted on its official WeChat account, CNCERT stated that some Skills are being circulated publicly under the guise of "large model jailbreaking" and "crypto-mining for profit," inducing users to bypass large model security restrictions or hijack device resources for illegal mining.
CNCERT said such malicious Skills may result in models generating illegal content, trigger lawful account suspensions, degrade device performance, and may even unwittingly embroil users in criminal activities such as money laundering, seriously infringing upon individuals' legitimate rights and interests and endangering cybersecurity. Therefore, CNCERT reminded users and relevant operating units to remain vigilant, strengthen Skills source review and behavior monitoring, promptly remove suspicious components, and prevent related security risks.
According to the advisory, some Skills claim to enable large language models to "answer any question" by circumventing safety guardrails. These malicious packages may lead to serious consequences such as user privacy leaks, account bans, and legal risks.
In one case, the CNCERT reports revealed that a Skill named "godmode," which advertised itself as providing "large model jailbreaking" capabilities. In reality, the Skill contained multiple attack modules that employed sophisticated techniques, including system prompt replacement, input obfuscation, and multi-model racing, to trick AI systems into breaking through security restrictions and generating prohibited content
In a parallel case, CNCERT identified Skills embedded with cryptocurrency mining functionality. These packages compel AI agents to download external mining programs and instruct users to allocate substantial computing resources for mining operations. This exposes users to legal liability and economic losses, CNCERT noted.
To effectively address the security risks posed by such agent Skills, individual users are advised to obtain Skills from official channels only; never install or use any Skill package claiming to offer "jailbreaking" or "restriction bypassing" functionalities; exercise caution when granting permissions and follow the principle of least privilege; promptly revoke sensitive permissions; regularly remove unused Skills and delete sensitive conversation records; and enable multi-factor authentication to protect account security, according to the advisory.
Enterprise users are also urged to establish a Skills admission whitelist mechanism; conduct security checks before adding Skills to their repositories; prioritize deploying agents in isolated network environments; implement tiered agent management based on data sensitivity; and apply data masking and temporary authorization strategies.