Back to skill

Security audit

Touqi Todo

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent end-of-life planning purpose, but it handles extremely sensitive information like passwords and final wishes with trigger and review controls that are too loose for automatic installation.

Review this skill carefully before installing. It is not showing malware-like behavior, but it is designed for very private end-of-life material and account handoff details. Do not enter raw passwords or recovery codes; use references to a secure password manager or vault instead, keep quick-capture disabled unless you clearly need it, and review or delete captured candidates before any export.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger conditions are broad enough to match common phrases like '整理一下' or '现在到哪了', which can cause the skill to activate in conversations that are not clearly about end-of-life planning. In this skill’s context, accidental activation is more dangerous than usual because it handles extremely sensitive material such as final wishes, account credentials, and messages for family, increasing the risk of oversharing or inappropriate data capture.

Missing User Warnings

High
Confidence
94% confidence
Finding
The skill is designed to collect highly sensitive personal data, including last wishes, post-death instructions, and passwords, but it does not prominently warn users about the sensitivity of this information or encourage minimization. Without a clear warning, users may disclose secrets and regulated personal data they would not otherwise share, creating elevated privacy, security, and misuse risks.

Ssd 3

Medium
Confidence
92% confidence
Finding
The '顺手记' feature authorizes ongoing capture of sensitive content from broader user inputs and explicitly states that candidates do not need per-item user confirmation before internal filtering and eventual use. In a skill centered on digital inheritance and personal secrets, this materially increases the chance of collecting, retaining, and later surfacing sensitive data the user did not intend to formally record.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.