Back to skill

Security audit

Sleep Quality Improver

Security checks across malware telemetry and agentic risk

Overview

This is a simple sleep-wellness guidance skill with no code or data access, though its crisis-safety text should be language-matched for users who do not read Chinese.

Install only if Chinese-language safety guidance is acceptable for your expected users. For broader use, the publisher should add crisis and medical disclaimer text in the user's language and remove or restore the missing reference files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The skill hard-codes crisis escalation and disclaimer text in Chinese without indicating that the skill is Chinese-only or providing a language-matched fallback. In a safety-critical moment, a user who does not read Chinese may miss or misunderstand self-harm escalation guidance, which can delay access to appropriate help and undermine the effectiveness of the safety intervention.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.