大圆虾-日程助手

Security checks across malware telemetry and agentic risk

Overview

This is a simple scheduling helper whose reminders and schedule updates match its stated purpose, though users should be careful with customer and contract details.

Install only if you are comfortable letting the agent manage schedule records and prepare reminders. Confirm writes and outbound notifications before they happen, and avoid storing unnecessary confidential customer, contract, or renewal details in shared files or messages.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 86% confidence
Finding: The skill explicitly describes sending reminder notifications and reading/writing schedule records, which can involve customer names, meeting details, contract dates, and other business-sensitive information, but it provides no privacy guidance, data minimization requirements, or consent/access-control expectations. In a customer-manager scheduling context, this omission can lead to inadvertent exposure of personal or confidential commercial data through messages, documents, or improperly handled files.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal