Security audit

Screen Time Auditor

Security checks across malware telemetry and agentic risk

Overview

This skill is a local screen-time coaching template with no evidence of hidden data access, persistence, or unsafe authority.

Before installing, understand that this is a coaching and planning skill, not an app telemetry reader or blocker. Only provide screen-time details you are comfortable sharing with your agent; the artifact itself does not show hidden collection, persistence, or external access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Low

Confidence: 83% confidence
Finding: This markdown file presents example user inputs such as "Audit my iPhone screen time report" and "Design a graduated reduction plan," but it does not define whether these are the only intended invocation patterns or provide any exclusion conditions. Without explicit trigger scope or negative examples, activation could overlap with general productivity or habit-advice requests.

Natural-Language Policy Violations

Low

Confidence: 76% confidence
Finding: The file contains bilingual headings and a Chinese-only scenario alongside English scenarios, but it does not explain how the skill chooses its response language. This can create an implicit language policy issue if the skill defaults to one language without user opt-in or explicit matching behavior.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The manifest description says to use the skill when someone 'feels trapped by scrolling, checking, or rebound screen behavior,' and the body says to use it when screen time 'feels too high.' These conditions are conceptually relevant but still broad and lack explicit trigger phrases, exclusions, or negative examples, which could cause the skill to be invoked for general productivity or mental-health discussions rather than a narrow screen-time audit context.

Natural-Language Policy Violations

Low

Confidence: 80% confidence
Finding: The file presents bilingual naming and a full Chinese usage scenario, but it does not explicitly say that the assistant should respond in the user's chosen language. That can create an implicit language-selection policy where the skill may switch or force a language without clear user opt-in.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal