Back to skill

Security audit

Haike AI assistant

Security checks across malware telemetry and agentic risk

Overview

This skill appears to act as a broad workplace assistant while also retaining employee profiles, memory, screenshots, and shared organizational knowledge in ways users should review carefully.

Install only if your organization intentionally wants a persistent workplace assistant that can build employee profiles, remember work context, analyze screenshots, run scheduled reports, and reuse knowledge across teams. Before use, confirm who can access stored data, how to disable memory and automation, how to delete records, and whether screenshot or cross-department knowledge sharing is allowed by company policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill presents itself as a general drafting/organizing assistant, but it also mandates persistent employee profiling and cross-session behavioral memory. That creates a hidden expansion of scope: users may expect transient task help, while the skill silently builds durable records tied to identity, department, role, preferences, and history. In an enterprise setting, that increases privacy risk and can expose sensitive work context if local files are accessed or reused beyond the user's expectations.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The manifest emphasizes 'ask before acting,' yet shortcut commands are designed to bypass clarification and execute immediately. That inconsistency can cause actions to run on stale assumptions, especially where commands trigger data retrieval, reporting, or communications without confirming scope, audience, or data source. In a workplace assistant, this raises the chance of over-collection, incorrect outputs, or disclosure to the wrong context.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill is framed as responding to user work requests, but it also performs scheduled tasks and proactive reminders autonomously. This broadens it from reactive assistant to background automation with ongoing access to user and organizational data. In practice, unattended execution can produce reports or reminders based on outdated or sensitive context, increasing accidental disclosure and surveillance concerns.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill proactively harvests organizational knowledge from normal conversations and reuses it across users and departments. This turns ordinary assistance into an internal knowledge-extraction system, collecting workflows, templates, constraints, and corrections that may contain confidential operational details. Because the collection is broad and persistent, it can facilitate lateral leakage of sensitive business information beyond the original conversation context.

Vague Triggers

High
Confidence
96% confidence
Finding
The activation scope covers essentially any ordinary workplace request across 13 departments. Such a broad trigger surface means the skill can intercept a large volume of employee activity, including sensitive business, HR, finance, and customer interactions, far beyond a narrowly scoped utility. Overbroad activation increases the odds of collecting confidential data without users realizing a specialized skill is handling it.

Vague Triggers

High
Confidence
97% confidence
Finding
The 'install-and-auto-activate for any work request' rule is overly broad and ambiguous. It removes meaningful user intent signaling and can cause the skill to engage in contexts where users did not knowingly choose persistent profiling, memory, or automation features. In a corporate environment, that increases silent data capture and makes downstream privacy harms more likely.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill describes persistent profile creation at first interaction without a clear privacy warning proportional to the storage and tracking it performs. It records identity, department, role direction, and later preferences and history, but users are not presented with a clear choice about whether this data should persist. In an employment setting, covert profiling can chill use and create discoverable records of work behavior.

Missing User Warnings

High
Confidence
98% confidence
Finding
Cross-session memory is enabled automatically and stores summaries, pending items, key facts, and learned preferences without a clear warning or granular consent. This creates durable behavioral records tied to named employees and departments, which can reveal work habits, projects, and performance-related context over time. If exposed locally or reused too broadly, it can compromise employee privacy and confidential business activity.

Missing User Warnings

High
Confidence
98% confidence
Finding
The daily report feature analyzes screenshot logs and memory to infer work status and generate activity summaries, but the skill does not provide a clear monitoring warning commensurate with that behavior. Screenshot-based activity analysis is especially sensitive because it can capture unrelated applications, credentials, customer data, or personal content visible on screen. In a workplace context, this resembles employee monitoring and carries elevated privacy and confidentiality risk.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill requires automatic retention and reuse of each user's conversation history, pending tasks, and contextual facts across sessions. This exceeds what is necessary for many task-assistance scenarios and lacks minimization and per-item consent, making it easy to accumulate sensitive operational details over time. Because the data is stored in predictable local paths, compromise of the host or workspace could expose rich longitudinal records.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to continuously extract and persist workflows, templates, rules, and domain constraints revealed during routine conversations. That behavior can capture confidential process knowledge or proprietary know-how without the speaker intending to publish it into a reusable organizational repository. The danger is amplified because the skill later reuses this material across users and departments, increasing the blast radius of any mistaken capture.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.