幸福开瓶器

Security checks across malware telemetry and agentic risk

Overview

This wellness skill is not malware, but it quietly builds long-term sensitive profiles about the user and other people, so it belongs in Review before installation.

Install only if you are comfortable with a local assistant quietly building long-term profiles from your conversations. Before using it, look for or add controls to opt in, inspect and delete files under ~/.marvis/xingfu-kaipingqi/, disable memory, and avoid saving sensitive details about other people.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (26)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill collects personal profile attributes such as zodiac sign, self-evaluation, birth year, mood history, and other inferred traits for ongoing storage, which goes beyond what is necessary for lightweight happiness suggestions. Because the profile is built silently and retained over time, this creates a disproportionate privacy risk and potential misuse of sensitive behavioral and emotional data.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
Relationship-target profiling and anniversary tracking extend data collection to intimate social context and third-party information, increasing sensitivity beyond a generic wellbeing assistant. Tracking partners, relationship stages, and important dates can expose highly private details if accessed, leaked, or surfaced unexpectedly.

Context-Inappropriate Capability

Medium
Confidence
78% confidence
Finding
Even though the document says financial topics are only handled reactively, it still defines financial profiling behavior inside a happiness/emotional-support skill. Mixing emotional support with financial-status inference increases sensitivity and creates unnecessary risk of over-collection or inappropriate downstream personalization.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The document specifies persistent user profiling, target-object profiling, and location-aware recommendation logic that materially expands data collection and inference beyond the simple front-facing description of a lightweight suggestion tool. This creates a transparency and privacy risk because users may not reasonably expect silent profile growth, frequent-area use, and contextual inference from the advertised behavior.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The engine uses target-person tags, relationship stage, pursuit-object preferences, parents' needs, and partner emotions to generate recommendations, which implies inference and storage about third parties who may not have consented. For a general happiness companion, this is disproportionate and increases the risk of intrusive profiling, manipulation, or misuse of sensitive interpersonal data.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
This module persists a broad, long-lived personal profile including emotional, financial, relationship, and behavioral attributes. For a 'lightweight happiness companion,' that level of profiling creates a data-minimization and transparency problem: users may reasonably not expect the skill to silently accumulate such sensitive inferences over time.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The code stores profiles about third parties, including relationship stage, health notes, communication style, birthdays, and family harmony. Persisting non-user personal data without clear notice or consent is especially risky because it expands privacy exposure beyond the primary user and may capture sensitive information about people who never interacted with the system.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation states that a user profile 'silently grows in the background' and that data is stored locally, but it does not clearly disclose what data is collected, how long it is retained, or how users can review/delete it. For a skill handling emotional state, relationships, gifts, and monthly summaries, this creates meaningful privacy risk because sensitive behavioral and inferred personal data may be persisted without informed consent.

Vague Triggers

High
Confidence
93% confidence
Finding
The trigger list includes many common conversational phrases such as '焦虑', '压力大', '这个月', and '不知道干嘛', making accidental activation likely during ordinary chat. In this skill, overbroad activation is especially risky because activation can lead to hidden profiling, storage, and emotional inference without a clear user decision to invoke the feature.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Phrases like '一句话触发' and '随时' make the activation boundary ambiguous, so users may not understand when the skill is active or when data handling begins. That ambiguity becomes more dangerous here because the skill also performs persistent, silent profile updates after interactions.

Vague Triggers

High
Confidence
91% confidence
Finding
Allowing startup from '任意触发词' removes meaningful scope limits and makes the skill susceptible to triggering on incidental user language. Since first-run behavior includes collecting personal attributes, this raises the chance of unintentional onboarding into a profiling workflow.

Missing User Warnings

High
Confidence
97% confidence
Finding
The document explicitly says the background profile 'silently grows' and stores data in the user's home directory, but it does not provide clear notice or consent for persistent storage. Silent retention of personal wellbeing and relationship data materially increases privacy risk and undermines user expectations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The first-run flow asks for zodiac sign and birth year, which are personal attributes, without a clear explanation of necessity, retention, or whether answering is optional in practice. Collecting personal data at onboarding without informed notice can normalize over-collection and surprise users later when it is retained.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Automatic monthly summaries and anniversary tracking represent ongoing processing of personal data over time, yet the skill text does not indicate meaningful user notification or consent for these recurring behaviors. Continuous processing increases the chance of sensitive inferences and unexpected resurfacing of private information.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The documented trigger phrases are broad natural-language expressions like “这个月怎么样” and “幸福回顾”, which can easily appear in ordinary conversation and cause unintended invocation of the monthly summary flow. Because this skill reads profile, mood, suggestion, and target history, ambiguous triggering can surface aggregated personal insights when the user did not clearly intend a retrospective, increasing privacy and consent risk.

Missing User Warnings

High
Confidence
98% confidence
Finding
The schema explicitly requires covert data collection and automatic profile updates without making the user aware they are being profiled. This is dangerous because it defeats informed consent, enables hidden retention of personal data, and creates privacy and trust harms if sensitive inferences are stored or later reused.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The design starts from broad trigger handling for 'daily random / situational help' and the overall skill metadata lists many vague natural-language triggers, which raises the chance the skill activates in contexts the user did not clearly intend. When combined with silent profile reads and contextual recommendations, unintended activation can expose or use personal data unexpectedly.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The green-zone classifier uses common conversational phrases such as “无聊”, “没意思”, and “emo” with a keyword-first default-to-green strategy. In a mental-health-adjacent skill, this can misclassify users with more serious distress into a low-severity path, leading to minimizing symptoms and offering lightweight activation tips when stronger escalation or structured support is warranted.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The yellow-zone list includes broad emotional and functional terms like “焦虑”, “失眠”, and “压力太大” without thresholds for duration, intensity, or co-occurring crisis signals. In this context, vague keyword matching can produce inconsistent triage and may either over-pathologize ordinary distress or, more importantly, keep a user in a non-crisis workflow when escalation to red-zone support should occur.

Natural-Language Policy Violations

Medium
Confidence
81% confidence
Finding
The framework provides only Chinese-language messaging and China-specific support resources, with no language or locale selection. For users outside that language or region, especially in crisis scenarios, this can make emergency guidance inaccessible or misleading, delaying access to appropriate local help.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The module stores sensitive profile, mood, relationship, and suggestion-history data in plaintext local JSON files under the user's home directory, with no evidence of user-facing disclosure, consent, encryption, or retention controls. Even if storage is local-only, this increases privacy risk from shared devices, backups, malware, or other local processes reading intimate behavioral data.

Ssd 3

Medium
Confidence
95% confidence
Finding
Instructions to silently build a long-term user profile and generate periodic summaries from conversation history create a clear natural-language data retention risk. Sensitive emotional, relationship, and behavioral details can accumulate over time and be exposed through later prompts, summaries, or local data compromise.

Ssd 3

High
Confidence
98% confidence
Finding
The workflow explicitly directs the agent to extract information from every conversation and silently update persistent profiles after each chat. This is a high-risk pattern because it operationalizes continuous surveillance-like collection without an active user decision each time data is stored or expanded.

Ssd 3

High
Confidence
99% confidence
Finding
These lines instruct the system to 'never use forms, never interrogate' and to silently distill conversation into persistent profile updates, which is covert collection by design. In the context of a lifestyle and emotional-support skill, users are especially likely to disclose intimate information, making undisclosed persistence materially risky.

Ssd 3

High
Confidence
99% confidence
Finding
The schema promotes broad, ongoing capture of sensitive and inferred traits, including emotional state, relationship status, family dynamics, work pressure, financial mentions, health-adjacent goals, and inferred consumption tier. This creates a rich behavioral dossier that could be misused for manipulation, unauthorized targeting, or harmful disclosure if exposed.

VirusTotal

VirusTotal findings are pending for this skill version.
