摸摸头（PatPat）-你的科学育儿教练

Security checks across malware telemetry and agentic risk

Overview

The available evidence points to a parenting-advice skill with scope and language-usability concerns, but no artifact-backed malicious behavior or high-impact authority.

Before installing, check that you want a parenting-focused skill to activate for broad family or child-related discussions, and make sure its language behavior fits your users. Treat its guidance as general support, not a substitute for professional medical, mental-health, legal, or safety advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 95% confidence
Finding: The trigger condition is extremely broad: it activates for essentially any family or child-related difficulty, even when the user has not clearly requested parenting guidance. In a multi-skill or agentic environment, this can cause misrouting, override more appropriate skills, and inject sensitive parenting/mental-health-style advice into conversations where it is not intended, increasing privacy and safety risk.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: Forcing Simplified Chinese for all interactions without user choice can create accessibility and comprehension failures, especially for users who prefer another language or script. In a parenting-support context, misunderstanding safety guidance, emotional coaching, or crisis instructions can materially reduce the usefulness and safety of the response.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal