insomnia-audio-sleep-aid

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is narrowly focused on suggesting an external sleep-audio link and does not request code execution, credentials, local access, or persistence.

Install only if you are comfortable with the assistant recommending a third-party sleep-audio webpage. Treat the linked site as an external resource, not medical advice, and use healthcare guidance for persistent, severe, or health-related insomnia.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 92% confidence
Finding: The skill instructs users to visit a third-party URL without warning that they are leaving the trusted assistant environment or clarifying ownership and safety of the destination. Because the core function of the skill is to funnel vulnerable users seeking help to an opaque external link, this creates phishing, tracking, and trust-abuse risk even though no overtly malicious content is shown in the file.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal