Mental Wellness

Security checks across malware telemetry and agentic risk

Overview

This is a small Chinese-language mental wellness self-help skill with disclosed limitations and no hidden code, commands, credentials, or persistence.

Install only if you are comfortable using a Chinese-language mental wellness assistant and understand that it is not medical care. For urgent distress, self-harm thoughts, or worsening symptoms, use local emergency services or a licensed professional rather than relying on the skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 83% confidence
Finding: The configuration hard-codes `preferred_language: zh-CN` without indicating that the user can choose or override the language. In a mental-wellness context, forcing a language can reduce comprehension of safety guidance, consent notices, and crisis instructions, which may impair access to appropriate help for users who are not comfortable with Chinese.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal