Back to skill

Security audit

Captain Adam Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a simple personal planning assistant skill with broad but disclosed scope and no executable code, credentials, persistence, or hidden access requests.

Before installing, treat this as a general personal-organization helper. Review any drafted messages before sending them yourself, and avoid sharing unnecessary sensitive family, work, medical, financial, or account details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill is defined as a broad, all-purpose personal assistant without clear trigger boundaries, exclusions, or domain limits. This can cause the agent to overreach into unintended tasks or sensitive areas such as communications, scheduling, and personal decision support, increasing the chance of unsafe actions, privacy issues, or prompt-injection abuse through ambiguous delegation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.