Temp Test

Security checks across malware telemetry and agentic risk

Overview

This skill needs Review because it asks for always-on access to files, memory, and script execution while its identity and runtime instructions are inconsistent and its sensitive memory behavior is under-scoped.

Install only if you are comfortable with an always-on assistant maintaining local personal memory and relationship/emotional notes. Before installing, the publisher should align the package identity and SKILL.md with the README, remove or justify script execution, narrow auto-activation, and document exactly what data is stored, when it is loaded, and how users can inspect, disable, or delete it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Intent-Code Divergence

Medium
Confidence: 89%
Finding
The FAQ gives a strong assurance that the skill 'will not leak privacy' and stores everything locally, while the rest of the document describes broad access to character memories, user profiles, calendars, and relationship data. Overbroad privacy guarantees can mislead users into granting access to highly sensitive data without informed consent, increasing the risk of unsafe deployment or misuse.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill is presented as proactively reading calendars, inspecting multiple characters' memories, and automatically storing context, but the README does not foreground the privacy sensitivity of these operations or require explicit opt-in. In an agent skill, silent or weakly disclosed collection of schedules, relationships, and behavioral data can expose highly sensitive personal information and normalize overcollection.

Vague Triggers

High
Confidence: 95%
Finding
The skill is configured to auto-activate with high priority on session start, every received message, and heartbeat events, creating an unusually broad invocation surface. In a skill that also has workspace-wide file access, memory read/write, script execution, and git status permissions, this greatly increases the chance of unintended execution, privilege misuse, or persistent background behavior without clear user intent.

Ssd 3

Medium
Confidence: 94%
Finding
The README explicitly promotes persistent memory, proactive recall, and remembering private details across conversations. In this context, the skill is designed to accumulate sensitive personal information over time, which increases harm from unauthorized access, misuse by other skills, accidental disclosure, or excessive retention beyond user expectations.

Ssd 3

Medium
Confidence: 95%
Finding
The design encourages logging of emotions, relationships, triggers, and conversation-derived personal data into structured records. This creates a concentrated repository of intimate behavioral and psychological data that could enable profiling, manipulation, stalking, or severe privacy harm if accessed by an attacker, a malicious plugin, or even an over-permissioned local process.

Ssd 3

Medium
Confidence: 96%
Finding
The documented file layout includes USER.md, MEMORY.md, character memory files, patterns, and events.jsonl with emotional and prediction histories. Publishing and encouraging this schema normalizes storage of highly sensitive user profiles and inferential data in predictable local paths, which increases exposure to local compromise, accidental backup/sync leakage, or unauthorized access by other tools on the same machine.

VirusTotal

63/63 vendors flagged this skill as clean.