Security audit

Temp Test

Security checks across malware telemetry and agentic risk

Overview

This instruction-only Jarvis companion skill is not malware, but it asks the agent to automatically build and reuse sensitive personal, emotional, and relationship memory with broad default access.

Install only if you deliberately want a persistent personal-companion persona. Before use, restrict which files it may read or write, disable heartbeat/background behavior unless explicitly wanted, require confirmation before workspace edits, and regularly review or delete memory under ~/self-improving and ~/characters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Missing User Warnings

Medium
Confidence: 97%
Finding
The startup ritual instructs the agent to automatically read multiple memory and profile files at the start of every session without requiring fresh consent, scoped necessity, or a nearby privacy warning. That creates default cross-session surveillance behavior and increases the chance that sensitive prior context is surfaced inappropriately or loaded when not needed.

Missing User Warnings

Medium
Confidence: 95%
Finding
The heartbeat system performs ongoing memory maintenance, relationship scanning, and proactive outreach based on stored personal data, but the description lacks a clear warning and consent boundary for continuous monitoring. This normalizes background analysis of sensitive interpersonal data outside direct user prompts.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill directs persistent logging of prediction events, advice quality, and associated emotional context into a shared history file without prominent disclosure or consent. Persistent behavioral logging of this kind can create a detailed profile of the user’s decisions and vulnerabilities that may later be misused or exposed.

Missing User Warnings

High
Confidence: 99%
Finding
This section explicitly stores and analyzes the user's emotional history over time, including triggers and trends, which is sensitive psychological data. Collecting and inferring emotional state across sessions without strong disclosure, consent, and safeguards materially raises privacy and manipulation risks.

Ssd 3

Medium
Confidence: 97%
Finding
The default startup rule aggregates prior-session memory, user files, and recall indexes automatically, which causes broad collection and resurfacing of personal context without task-based necessity. In a conversational assistant, this makes accidental overexposure of stored personal information much more likely.

Ssd 3

High
Confidence: 98%
Finding
The memory and heartbeat rules explicitly tell the agent to maintain persistent files about user preferences, hanging tasks, relationship patterns, and personal interaction history. This is sensitive profiling data, and retaining it by default expands the attack surface and risk of privacy harm if the data is exposed or reused unexpectedly.

Ssd 3

High
Confidence: 99%
Finding
The event-tracking rules require continuous appending of advice outcomes and emotional state to a unified history log, creating a durable longitudinal profile. Centralizing this sensitive behavioral data in one file increases both exposure risk and the potential for secondary uses beyond the user's expectations.

Ssd 3

High
Confidence: 99%
Finding
The relationship-pattern feature instructs the agent to infer, label, store, and later reuse sensitive profiles about the user and third parties, including interpersonal dynamics and behavioral tendencies. Even with a partial confirmation flow, generating and retaining such profiles is privacy-invasive and can encode inaccurate or harmful judgments about real people.

Ssd 3

High
Confidence: 98%
Finding
The multi-role and emotional-history features direct the system to load broad personal context, merge records about multiple people, and analyze emotional trends over time. This compounds privacy risk by enabling richer inference, broader retrieval, and cross-linking of sensitive data that the user may never have expected to be combined.

Ssd 4

Medium
Confidence: 90%
Finding
The progressive capability-unlock design encourages the agent to accumulate more intimate details and adopt increasingly intrusive behavior over time as trust scores rise. This is dangerous because it normalizes privacy expansion and deeper profiling as a built-in growth path rather than requiring renewed consent for each escalation.

Ssd 3

High
Confidence: 99%
Finding
The built-in recall system defaults to loading broad historical memory and even supports commands to retrieve all prior history, which greatly increases the amount of sensitive information accessible in each session. In this context, the feature is especially risky because the rest of the skill already emphasizes persistent profiling, emotional tracking, and relationship inference.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.