任务守望者与弹窗杀手 (Task Watchdog)

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says: watches long-running screen tasks, closes nuisance pop-ups, and can alert a user-configured webhook if the task appears to fail.

Install only if you are comfortable with an agent watching the screen and closing pop-ups during a long task. Configure webhook alerts only to an endpoint you control, and avoid leaving private documents, chats, credentials, or unrelated work visible while the watchdog is active.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly allows network access and instructs sending webhook alerts on fatal errors, potentially after taking a full-screen screenshot. Without clear disclosure, scoping, and data-minimization guidance, sensitive on-screen information, task details, or personal data could be transmitted to a remote endpoint unexpectedly. In this context, the continuous screen monitoring makes accidental leakage more likely, so the omission is materially risky.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal