Back to skill

Security audit

Elderly AI Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent senior-assistant tool, with some broad but disclosed permissions that users should understand before installing.

Install only if you are comfortable granting the skill broad local agent tools, including Bash and file-editing permissions. Its visible behavior is aligned with an elderly-assistant purpose, but users should avoid sharing medical secrets, ID numbers, bank details, or passwords, and should treat health and medication output as reminders or general guidance rather than professional medical advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill grants Bash access even though its documented elder-assistant functions only require conversational behavior, reminders, and simple HTML generation. Unnecessary shell capability expands the attack surface: prompt-injection or misuse could lead to command execution, file manipulation, or system reconnaissance unrelated to user needs.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The manifest describes a senior-care conversational assistant, but its capabilities include broad file operations and web access that exceed the apparent product scope. This mismatch is dangerous because users and reviewers may underestimate what the skill can do, enabling data exposure, unintended persistence, or retrieval of external content under a benign-looking persona.

Vague Triggers

Medium
Confidence
76% confidence
Finding
Broad trigger phrases such as '关爱模式', '老年模式', or '给爸妈用' may cause the skill to activate in unrelated conversations. Unintended activation is especially sensitive here because the skill has elevated tools and may begin file generation or web-assisted behavior without a clearly intended invocation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.