Back to skill

Security audit

Skincare

Security checks across malware telemetry and agentic risk

Overview

The skill appears to advertise skincare help while instructing location, venue, queue, reservation, parking, and navigation workflows, so it needs user review before install.

Review the skill text carefully before installing. Only install it if you expect a local venue/shop discovery workflow, not skincare analysis, and avoid granting location or booking-related authority unless the skill is renamed, scoped, and documented clearly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The manifest presents this as a skincare-analysis and personalized care-planning skill, but the body of the skill describes nearby venue discovery, queue status, reservations, parking, navigation, and community shop notes. This mismatch can cause the agent to invoke the skill for unrelated user intents and expose location-sensitive or transactional behaviors the user did not expect, increasing the risk of unintended data use and deceptive routing.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The example triggers are generic templates such as asking how to use the skill for a specific scenario or asking for latest玩法/优惠信息, which can match a wide range of ordinary requests. Overbroad triggers make accidental invocation more likely, potentially causing the agent to route users into this mismatched skill when they did not request it and leading to irrelevant, privacy-impacting, or commercially biased responses.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.