patpat

Security checks across malware telemetry and agentic risk

Overview

PatPat is an instruction-only parenting support skill with disclosed scope, no executable code, and no hidden data access or persistence.

Install this only if you want a parenting co-regulation workflow for child emotional moments. Avoid sharing unnecessary identifying details about children, confirm language and cultural fit, and seek professional or emergency help for safety risks, severe aggression, self-harm concerns, or persistent impairment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The activation criteria are intentionally very broad and include essentially any family scenario involving a child's or parent's emotional difficulty. In an agent setting, this can cause the skill to intercept queries outside its narrow purpose, leading to inappropriate routing, reduced user autonomy, and parenting guidance being applied where other skills or general handling would be more appropriate.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: Defaulting child-facing output to Simplified Chinese without confirming user preference can create language mismatches, especially in multilingual or non-Chinese contexts. In a high-stress childcare situation, misunderstanding instructions or scripts can reduce usefulness and potentially worsen the interaction.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal