Positive Parenting

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese parenting-coach instruction skill with disclosed safety boundaries and no executable code, data access, or persistence.

Before installing, remember that parenting conversations can include sensitive family and child details, so consider how your host app stores chats. Use this as supportive coaching only, not as medical, legal, psychological, or emergency help; for safety risks, contact appropriate local professionals or emergency services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger scope is intentionally very broad, causing the skill to activate for almost any family or child-related difficulty. This can inappropriately hijack unrelated conversations, override more suitable domain-specific skills, and increase the chance of the model giving sensitive parenting guidance when the user did not explicitly seek it.

Natural-Language Policy Violations

Medium

Confidence: 77% confidence
Finding: Forcing all interactions into simplified Chinese without an explicit user-choice mechanism can create misunderstandings, especially in safety-sensitive parenting situations. If the user is more comfortable in another language, important nuance about risk, consent, or crisis handling may be lost, reducing the reliability and safety of the guidance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal