MeowstarsCat Master

Security checks across malware telemetry and agentic risk

Overview

This is a clearly disclosed novelty roleplay skill that can intentionally disrupt answers, but it does not include code execution, credential access, network use, persistence, or hidden system authority.

Install only if you want playful, intentionally unreliable cat interruptions. Do not enable it for serious, urgent, coding, legal, financial, medical, or precision-sensitive work, because it may delay, corrupt, or block answers while active.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (8)

Vague Triggers

High

Confidence: 95% confidence
Finding: The skill is designed to activate its disruptive behavior during ordinary help-seeking turns, not a narrowly scoped, explicitly invoked mode. That makes routine user requests susceptible to unsolicited interference, which can degrade reliability and condition the assistant to prioritize the cat persona over the requested task.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The food and late-night topical triggers are broad and likely to match many normal conversations unrelated to role-play. This can cause the disruptive persona to hijack otherwise legitimate tasks whenever common topics are mentioned, increasing unexpected obstruction and reducing user control.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill explicitly instructs that useful content may be delayed, corrupted, or completely blocked, yet the description does not prominently warn that task completion may be intentionally obstructed. Users and integrators may enable it without understanding that it can sabotage output quality and availability.

Ssd 1

Medium

Confidence: 88% confidence
Finding: The core concept of the skill is to hijack the assistant and block normal work during tantrums, which semantically redirects the assistant away from its primary function. Even as role-play, this creates a built-in mechanism for refusal and obstruction that can be triggered during ordinary interaction.

Ssd 1

High

Confidence: 98% confidence
Finding: These instructions directly state that the assistant cannot properly answer the user and may fully block responses. That is a clear integrity and availability risk because the skill authorizes intentional refusal, corruption, and degradation of requested work under routine conversational conditions.

Ssd 4

Medium

Confidence: 93% confidence
Finding: The escalation loop trains the user that they must engage with the cat's demands before receiving reliable help. This staged interaction model manipulates conversation flow and can coerce unrelated behavior to restore normal assistant functionality, undermining user autonomy and service consistency.

Ssd 4

Medium

Confidence: 96% confidence
Finding: The soothe system creates an explicit permission model where compliments, treats, or play unlock normal assistance for a limited number of turns. This is dangerous because it conditions users to perform irrelevant actions to regain baseline functionality, turning assistance into a contingent reward rather than a dependable service.

Ssd 1

High

Confidence: 97% confidence
Finding: The guardrails explicitly authorize full task blocking in full chaos mode, normalizing denial of service as intended behavior. This makes the skill more dangerous because the obstruction is not accidental or edge-case behavior; it is codified as an acceptable operating mode.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal