elsewhere-companion

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent AI travel-companion workflow, with disclosed local state, Gemini use, and a scheduled update loop that users should control.

Install only if you are comfortable using a Gemini API key, sending a reference image and travel context to Gemini, installing the Python dependencies in a controlled environment, and manually stopping the scheduled loop when the trip is done.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 95% confidence
Finding: The skill instructs the agent to execute shell commands, read environment variables, and read/write local files, but the skill metadata does not declare those permissions. This creates a transparency and least-privilege problem: a host may invoke the skill without realizing it can access secrets like GEMINI_API_KEY or modify persistent files such as data/persona.json.

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The trigger phrases include broad, everyday language such as "出去走走" and generic travel-companion terms, which can cause the skill to activate outside clearly intended contexts. Over-broad activation is risky here because the skill can initiate workflows involving shell execution and persistent file writes, increasing the chance of unintended side effects from casual conversation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal