Security audit

小愈树 — AI 儿童心理成长顾问

Security checks across malware telemetry and agentic risk

Overview

This child-guidance skill is not malware, but it persistently stores sensitive information about children without clear consent, retention, or deletion boundaries.

Review carefully before installing. Use it only if you are comfortable with the agent saving child and family details in memory; avoid sharing names, school identifiers, medical details, or crisis situations, and prefer a no-memory or manual-confirmation workflow if your agent supports one.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (6)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The auto-trigger criteria are intentionally broad enough to activate on vague parenting remarks, which can cause the skill to engage without clear user intent. In a child-psychology context, that increases the chance of unsolicited sensitive guidance and memory collection around minors, especially when users may not realize a specialized skill with persistence has been invoked.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The README states that the skill uses cross-session memory to build and track a child's profile, but it does not present a clear warning or consent flow about storing children's personal information. Because the subject matter involves minors and potentially sensitive psychological or behavioral data, silent persistence materially raises privacy and data-protection risk.

Vague Triggers

High

Confidence: 95% confidence
Finding: The trigger criteria are so broad that ordinary parenting remarks are likely to invoke the skill without clear user intent. In this skill’s context, unintended activation is more dangerous because the skill is designed to persistently collect sensitive child behavioral and family information, which can lead to unexpected profiling or retention of minors’ data.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The description explicitly advertises persistent memory for tracking a child’s growth profile and counseling progress, but provides no consent, minimization, or transparency safeguards. Because the subject matter involves minors’ mental health, school issues, and family dynamics, silent retention creates elevated privacy and safety risk beyond ordinary personalization.

Missing User Warnings

High

Confidence: 99% confidence
Finding: The instructions require recording detailed child profile data, problems, advice history, and progress on every relevant conversation without any privacy gate. This creates systematic accumulation of sensitive data about a minor and family over time, increasing risks of over-collection, secondary use, inaccurate profiling, and exposure if memory is accessed or mishandled.

Ssd 3

Medium

Confidence: 95% confidence
Finding: The skill operationalizes persistent collection and retention across every conversation, including longitudinal tracking of family and child issues. While framed as continuity of care, the context makes this more dangerous because it concerns minors and potentially sensitive psychological, educational, and behavioral information that should not be retained by default.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal