
Security audit

BUDDY Pet System

Security checks across malware telemetry and agentic risk

Overview

This is a local virtual-pet skill with disclosed toy-state persistence and no evidence of credential access, network exfiltration, or destructive behavior.

Install only if you are comfortable with a playful pet skill that may activate on broad pet-related wording, can print a pet-related context prompt for the assistant, and stores small mute/saved-pet state in /tmp/buddy-state.json. Use explicit /buddy commands if you want tighter control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
91%
Finding
The skill metadata presents Buddy as a simple pet interaction tool, but the documented behavior includes hidden or under-disclosed capabilities: context-injection prompt generation, persistent local state, and privileged/demo-style pet generation. That mismatch matters because users and orchestrators may grant trust or invoke the skill under false assumptions, enabling unintended persistence and prompt-surface manipulation that can affect later model behavior.

Description-Behavior Mismatch

Medium
Confidence
95%
Finding
The 'prompt' command explicitly emits AI context-injection text intended to influence downstream model behavior, yet this capability is not declared in the manifest. In an agent skill, hidden prompt-shaping functionality is risky because it can alter assistant behavior outside the expected pet-interaction scope and reduce transparency around instruction injection.

Vague Triggers

Medium
Confidence
84%
Finding
The trigger conditions are overly broad, including 'buddy' and essentially any pet-related topic, which can cause accidental activation outside the user's intent. In an agent setting, overbroad triggers can unexpectedly execute tool logic, produce injected context, or alter persistent state when the user was only speaking casually or referring to unrelated pet concepts.

Vague Triggers

Medium
Confidence
87%
Finding
The invocation section again uses fuzzy conditions such as 'any question related to BUDDY, a pet name, or pets generally', which increases the chance of unintended skill execution. Because this skill can influence AI context and maintain state, accidental invocation is more dangerous than it would be for a harmless UI feature: it can change future assistant behavior or surface user-linked state without a clearly authorized command.

VirusTotal

66/66 vendors flagged this skill as clean.
