LifeLog

Security checks across malware telemetry and agentic risk

Overview

LifeLog is a Notion journaling skill whose behaviour is openly disclosed; it handles sensitive personal diary data, so it is not malicious but should be used deliberately.

Install only if you intentionally want personal messages stored in Notion and potentially analyzed by your configured agent or LLM. Use a dedicated Notion integration limited to one private database, keep tokens out of shared files, avoid logging secrets or highly sensitive information, and enable the cron job only if you want ongoing background summaries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Lp3

Severity
Medium
Category
MCP Least Privilege
Confidence
86%
Finding
The skill instructs the agent to execute shell scripts and access external services, but it does not declare permissions for those capabilities. This weakens policy enforcement and user visibility, making it easier for the skill to perform side effects such as data exfiltration to Notion without an explicit permission gate.

Tp4

Severity
High
Category
MCP Tool Poisoning
Confidence
93%
Finding
The documented behavior says the skill appends user life records by date, but the implementation reportedly also creates standalone pages, filters content categories, skips some records, and uses fallback logic instead of the described SubAgent flow. This mismatch is dangerous because it defeats informed consent: users may believe intimate diary data is handled one way while the skill stores, suppresses, or processes it differently.

Description-Behavior Mismatch

Severity
High
Confidence
96%
Finding
The script updates fixed Notion page properties via a PATCH request, which replaces the prior values instead of appending a new life record as the skill description promises. In a lifelog context, this can silently destroy historical entries and cause integrity loss of personal records, making the behavior security-relevant because users may trust the automation to preserve diary history.

Missing User Warnings

Severity
Medium
Confidence
87%
Finding
The README promotes automatic capture of highly personal daily-life content and subsequent LLM-based analysis, then transmission to Notion, but it does not clearly warn users about privacy, retention, third-party processing, or the sensitivity of inferred fields like emotions, locations, and people. In this skill context, the missing disclosure is more concerning because the data is intimate and continuously collected, increasing the risk of oversharing sensitive personal information to external services without informed consent.

Missing User Warnings

Severity
Medium
Confidence
89%
Finding
The README promotes automatic logging of personal life content to Notion and LLM-based analysis without clearly warning users that sensitive personal data may be transmitted to third-party services and stored persistently. In a life-logging skill, this omission is more dangerous because the expected content includes intimate behavioral, emotional, location, and relationship data, increasing the risk of unintended privacy loss or noncompliant data handling.

Vague Triggers

Severity
High
Confidence
91%
Finding
The description frames the skill as automatically recording everyday conversation, which creates a high risk of collecting and transmitting sensitive personal information from ordinary chats without a narrowly defined trigger. In a lifelogging context, broad activation is especially dangerous because benign conversation often contains health, relationship, location, and other private data.

Vague Triggers

Severity
High
Confidence
94%
Finding
The realtime workflow says each user message is processed and recorded, but it does not define boundaries, exclusions, or confirmation requirements. Because the skill targets diary-style content, the missing trigger constraints materially increase the chance of overcollection and unintended export of sensitive messages to Notion.

Missing User Warnings

Severity
Medium
Confidence
88%
Finding
The skill describes automatically sending personal life records to Notion but does not present a clear privacy warning or consent mechanism. Since lifelog entries commonly contain highly sensitive personal data, users may not realize their messages are being transmitted to a third-party service and retained there.

Missing User Warnings

Severity
Medium
Confidence
90%
Finding
The skill documents automatic daily LLM analysis of stored diary content without explicitly warning users that their past entries will undergo secondary processing. Secondary analysis can infer additional sensitive attributes beyond the original text, increasing privacy risk beyond simple storage.

Missing User Warnings

Severity
Medium
Confidence
96%
Finding
The script prints the full diary '原文' content to stdout, which can expose sensitive personal information in terminal history, cron logs, CI logs, or agent telemetry. In this skill's context, the data is explicitly a personal life log, so unredacted output materially increases privacy and confidentiality risk.

Missing User Warnings

Severity
Medium
Confidence
90%
Finding
The script sends user-supplied life-log content to Notion, a third-party service, without an explicit runtime notice or consent step immediately before transmission. In a journaling context, users may provide highly sensitive personal details, so silent external transfer increases the risk of unintentional disclosure.

Ssd 3

Severity
Medium
Confidence
96%
Finding
The script stores raw, user-provided life logs and inferred metadata such as emotions, event type, and location, then transmits them to a remote Notion database by default. Because this skill is specifically designed for personal journaling, the content is likely to include sensitive personal, behavioral, and contextual data, making accidental overcollection and privacy exposure significantly more dangerous.

VirusTotal

67/67 vendors flagged this skill as clean.