Life Capture

Security checks across malware telemetry and agentic risk

Overview

This is a local life-log skill that clearly says it saves user-provided notes to markdown and SQLite, with no evidence of hidden network, credential, destructive, or unrelated behavior.

Install this only if you want a durable local personal journal/database. Keep the life folder private, avoid saving secrets or highly sensitive details, and use the parse-only workflow when you want to review ambiguous entries before writing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (6)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 95% confidence
Finding: The skill instructs the agent to read and write files and execute Python scripts via the shell, but it declares no permissions or equivalent trust boundary information. This creates a hidden capability mismatch: users or calling systems may invoke the skill without realizing it can persist data locally and run commands, increasing the risk of unintended file modification, shell abuse, or policy bypass if activation is too broad.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The description contains broad triggers such as recording daily-life notes, mixed sentences, and organizing personal information, which could match many ordinary conversations. Overbroad activation increases the chance that the skill captures unrelated user content and writes it to disk/database without sufficiently specific intent, especially because the skill also has write and shell capabilities.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill persists personal data into markdown files and a SQLite database, but it does not require an explicit privacy warning or consent flow before storage. Because the captured content may include schedules, expenses, reminders, and ideas, accidental or uninformed use can create a durable local record of sensitive personal information that users did not realize would be retained.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The hint configuration uses very common words such as time expressions and generic action verbs to infer record types, which can cause overbroad classification of ordinary user text. In this skill, the parser writes notes to markdown and syncs structured fields into SQLite, so misclassification can silently store personal content under the wrong schema, creating privacy, integrity, and downstream reporting risks.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The script unconditionally writes user-provided content into markdown files under the supplied root path without any confirmation, dry-run mode, or path trust boundary enforcement. In an agent setting that processes natural-language logging requests, this increases the risk of unintended persistence of sensitive personal data and can overwrite or modify files if the root path is mis-scoped or attacker-influenced.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The script silently stores structured life-log data in SQLite, including raw text, summaries, timestamps, and tags, with no visible notice, minimization, or consent mechanism. In this skill's context, the data is highly personal, so silent persistence expands privacy risk and retention risk if the database path is shared, synced, or later accessed by other tools.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal