日记

Security checks across malware telemetry and agentic risk

Overview

This diary skill is privacy-sensitive but its file reads and local outputs fit its stated journaling purpose.

Install only if you are comfortable with a diary helper reading your configured personal memory files and writing diary text/images locally. Review config.yaml paths on first use, especially the SOUL, MEMORY, daily memory, diary output, and optional news-summary locations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 86% confidence
Finding: The README states that the skill automatically reads SOUL, MEMORY, and daily memory materials and performs initialization/output, but it does not clearly warn users that personal data will be read and local files such as configuration and generated images may be written. This is primarily a transparency and consent issue: users may invoke the skill without understanding the privacy implications or filesystem side effects.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal