Dayplanner

Security checks across malware telemetry and agentic risk

Overview

Dayplanner is a local command-line planner that stores user-entered notes on disk as expected, with no evidence of network access, credential use, or hidden behavior.

Install only if you are comfortable with your planner entries being saved as local plain-text files under ~/.local/share/dayplanner. Avoid entering secrets, credentials, regulated data, or highly sensitive work notes, and delete that directory if you want to remove stored entries and exports.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Low

Confidence: 80% confidence
Finding: The skill stores free-form user input and exports it to disk, but the main description does not prominently warn users that their entries persist in local log and export files. This can lead users to enter sensitive personal or work information under the mistaken assumption that the tool is ephemeral, increasing privacy and data exposure risk on shared systems or backups.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The tool silently persists all user-entered planner content under ~/.local/share/dayplanner, including potentially sensitive schedules, reminders, and work notes, without clear disclosure at startup or in help output. In a productivity context, users may reasonably enter confidential personal or business information, so undisclosed retention materially increases privacy and local exposure risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal