心理测评

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed mental-health self-assessment tool that runs local scoring scripts and creates a local HTML report, with no evidence of exfiltration or hidden behavior.

Install only if you are comfortable answering sensitive mental-health screening questions and storing the resulting report locally. Avoid using it on shared devices unless you can delete the generated report afterward, and treat any severe or self-harm result as a reason to contact a qualified professional or crisis service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list contains broad everyday phrases such as '心理健康' and generic test-related wording that could activate the skill unintentionally in unrelated conversations. Because this skill handles highly sensitive mental-health assessment flows and may generate reports, accidental invocation increases privacy and safety risk.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill describes generating, previewing, and delivering a local HTML report but does not clearly warn users that the report may contain sensitive mental-health screening data. This is dangerous because users may not realize their responses and risk indicators could be stored in a local file or attachment, increasing exposure through shared devices, logs, or later access.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal