The National Computer Network Emergency Response Technical Team of China has issued a security warning about AI agent skill packages that could lead to jailbreak and crypto-mining risks. These skill packages, which enhance AI capabilities, are being circulated under misleading names, potentially allowing users to bypass security restrictions or misuse device resources for illegal activities. Such actions can result in the generation of illegal content, account suspensions, degraded device performance, and involvement in criminal activities like money laundering. Users and organizations are advised to stay vigilant, review skill sources, monitor behaviors, and remove suspicious components. Some skills claim to enable AI models to answer any question by bypassing safety measures, leading to privacy leaks and legal risks. One identified skill, “godmode,” was found to contain attack modules that trick AI systems into breaking security barriers. Another case involved skills with cryptocurrency mining functions, which could lead to legal liabilities and economic losses. To mitigate these risks, users should only obtain skills from official sources, avoid installing packages offering jailbreaking features, exercise caution with permissions, and use multi-factor authentication. Enterprises are encouraged to implement security checks, use isolated network environments, and apply data protection strategies.
Are AI agent skills posing jailbreak and crypto-mining threats?
