AI桌面宠物

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a low-risk desktop pet helper, with only a trigger-scoping concern that may cause surprise activation.

Install if you want a desktop pet experience, but be aware that broad trigger phrases may open or show the pet when you mention related emotional-support or pet terms. Review the triggers and disable or narrow the skill if surprise UI activity would bother you.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases are broad and context-driven, including emotional-support situations and generic commands like opening or showing the pet. This can cause unintended activation when a user is discussing feelings or casually referencing pets, leading to surprise tool use or disruptive UI behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal