Back to skill

Security audit

Accessibility Toolkit

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent, but it needs review because it encourages low-friction smart-home and history-based automation without enough safeguards for doors, access codes, or sensitive user data.

Review and narrow this skill before installing. Keep the accessibility patterns, but do not allow generic voice commands or automatic routines to unlock doors, reveal access codes, disable alarms, or perform emergency/security actions without explicit user opt-in and stronger verification. Treat conversation-history analysis as sensitive and enable it only with clear consent, local processing where possible, redaction, and deletion controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The example voice triggers are short, common phrases like "Goodnight," "I'm working," and especially "Help," which are prone to accidental activation, misrecognition, or triggering by TV/audio from nearby devices. In this skill's context, those phrases are mapped to consequential smart-home actions and the document also promotes low-confirmation workflows, which materially increases the chance of unsafe or unauthorized actuation.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly normalizes acting without confirmation and includes an automation that unlocks a front door, but it does not present a clear warning or boundary around high-risk automations. In an accessibility-focused agent, reduced-friction design is understandable, yet that same context makes unsafe defaults more dangerous because users may rely heavily on automation for physical access and security-critical tasks.

Ssd 3

Medium
Confidence
88% confidence
Finding
The script description says it analyzes conversation history to identify repeated requests, which implies behavioral profiling and processing of potentially sensitive user data. For a disability-support skill, conversation logs may contain health, medication, schedule, and household details, so mining them without explicit privacy constraints increases confidentiality and misuse risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.