见自己

Security checks across malware telemetry and agentic risk

Overview

This self-reflection skill is not malicious, but it should be reviewed carefully because it can collect intimate disclosures and automatically turn them into a first-person publishable-style article without a clear consent checkpoint.

Install only if you are comfortable sharing personal reflections with an agent and having them turned into an analysis plus a first-person article. Before using it, explicitly tell the agent whether you want only conversation, a report, or an article; avoid sharing details you would not want saved or reused; and review or redact any generated text before sharing it anywhere.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (11)

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: The skill is presented as a self-exploration aid, but it automatically repurposes sensitive user disclosures into a first-person public-facing article. That changes the data use purpose from reflection to content generation, increasing privacy and consent risk because users may reveal intimate details they did not expect to be rewritten for publication-style output.

Context-Inappropriate Capability

Medium

Confidence: 89% confidence
Finding: The skill requires collecting or inferring gender for profile generation, even though gender is not necessary to conduct self-reflection or produce a useful report. Unnecessary collection or inference of sensitive personal attributes expands privacy exposure and creates risk of misgendering or unwanted profiling.

Intent-Code Divergence

High

Confidence: 95% confidence
Finding: The skill says the user has absolute control and that the process must immediately stop when the user says to stop, but elsewhere directs the agent to continue generating analysis based on prior disclosures. This contradiction can cause processing after withdrawal of consent, which is especially risky in a skill that elicits personal and emotional information.

Vague Triggers

Medium

Confidence: 78% confidence
Finding: The implicit triggers are broad and overlap with common expressions of confusion, reflection, or life planning. This can cause the skill to activate in contexts where the user did not intend deep self-analysis, leading to unnecessary collection of personal information and steering the conversation toward profiling-style outputs.

Vague Triggers

Medium

Confidence: 76% confidence
Finding: The keyword list includes broad, high-frequency phrases without disambiguation or exclusions, increasing the chance of accidental activation. In this skill, misfires are more dangerous because activation can lead to collection of intimate details and automatic generation of analysis and user-voice writing.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The workflow mandates automatic generation of an analysis report and article from user disclosures without clearly informing the user at the point of data collection how their statements will be reused. This weakens informed consent and can surprise users who thought they were only engaging in a private reflective dialogue.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill requests personal details such as gender and age range without defining retention, scope, or why each item is necessary. In a reflective setting, users may be unusually candid, so collecting unnecessary identity attributes without clear privacy boundaries increases data misuse risk.

Ssd 3

Medium

Confidence: 90% confidence
Finding: The skill instructs the agent to infer and reuse personal profile attributes from conversation content without an explicit consent gate. Inferring identity characteristics from intimate discussion increases profiling risk and may create incorrect or sensitive assumptions the user never agreed to share or reuse.

Ssd 3

High

Confidence: 96% confidence
Finding: The skill automatically turns private disclosures into a public-facing first-person article, which is a significant secondary use of sensitive content. Because the article is written in the user's voice, it can blur authorship and encourage disclosure of deeply personal material under the mistaken belief that the exchange is only reflective and private.

Ssd 3

High

Confidence: 97% confidence
Finding: The skill directs use of the full dialogue and the user's expression patterns to produce publishable content in the user's voice. This increases risks of impersonation, privacy leakage, and overexposure because intimate disclosures and stylistic fingerprints are repackaged into outward-facing content without a strong consent boundary.

Ssd 4

High

Confidence: 94% confidence
Finding: The workflow is designed to gradually elicit sensitive details about experiences, emotions, relationships, and values, then convert those disclosures into profiling and publication-style outputs. This combination makes the context more dangerous than ordinary journaling assistance because the user is steered into revealing intimate material that is then automatically analyzed and repurposed.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal