狗狗如厕训练

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward dog potty-training tracker with local notes and no evidence of hidden code, data exfiltration, or unsafe behavior.

Before installing, be comfortable with the agent saving local notes about walk times, room locations, accidents, and household routines. Avoid recording exact addresses or unnecessary personal details, especially if your memory files are synced or shared.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrase at this line is broad enough to match routine pet-related or even general status updates without clear invocation intent, which can cause the skill to activate unexpectedly. That creates a prompt-routing/invocation integrity issue: user messages may be interpreted as requests to log data or provide training guidance when the user did not intend to use this skill.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The progress-check trigger is ambiguous because it lacks strong reference to dog potty training and could match many unrelated 'how is progress' conversations. In a multi-skill environment, this increases the chance of incorrect skill activation and unintended access or modification of the training log context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal