DeepThink

Security checks across malware telemetry and agentic risk

Overview

DeepThink is not malware, but it asks for broad ongoing access to personal memory, tasks, chats, live transcripts, and outbound messaging with consent boundaries that are not tight enough.

Install only if you intentionally want an agent to maintain a long-term DeepThink profile about you and to manage tasks using your API key. Before enabling it, require explicit confirmation for storing sensitive facts, modifying todos, sending any external messages, monitoring live transcripts, and changing SOUL.md or HEARTBEAT.md; also verify how to review, pause, and delete stored data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding
The skill simultaneously encourages proactive help from live transcripts and says significant actions from transcript content require permission. That ambiguity is dangerous because it creates room for an agent to treat outbound outreach as routine assistance rather than a permission-gated action, especially when transcript content may include third-party speech or mis-transcriptions.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The activation guidance is broad enough that the skill could be invoked in many ordinary conversations involving preferences, beliefs, relationships, or personal context. That increases the chance of unnecessary querying and persistence of sensitive personal data, normalizing surveillance-like behavior beyond what the user specifically requested in the moment.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
The skill instructs ongoing monitoring of live transcripts and proactive outreach over external messaging channels, but the main behavior framing does not prominently warn users that ambient audio may trigger external contact. This creates a serious privacy and consent risk because overheard speech, third-party conversations, or inaccurate transcription could cause unexpected processing and disclosure.

Ssd 3

Severity: Medium
Confidence: 94%
Finding
The skill directs the agent to proactively store newly learned personal information about the user without clear sensitivity limits or per-item consent. In a personal knowledge-base context, that can lead to accumulation of highly sensitive facts, inferred traits, and contextual details the user may not expect to be persisted or searchable long-term.

Ssd 3

Severity: High
Confidence: 98%
Finding
This section creates a natural-language data exposure channel by directing continuous monitoring of live transcripts and proactive assistance based on overheard content. Because transcripts may contain other people, background media, and transcription errors, the agent could extract sensitive information and transmit it externally or act on it without trustworthy attribution.

Ssd 3

Severity: Medium
Confidence: 88%
Finding
The skill encourages broad accumulation of meta-observations, persuasion notes, and the agent's own learning records about the user and their interactions. Even if intended to improve communication, unrestricted collection of behavioral profiles can become manipulative, privacy-invasive, and difficult for users to audit or meaningfully consent to.

VirusTotal

64/64 vendors flagged this skill as clean.