Pacer Skill

Security checks across malware telemetry and agentic risk

Overview

Pacer is a coherent career-planning skill, but it saves a broad set of sensitive career, resume, financial, and progress information with weak consent and deletion controls.

Install only if you are comfortable with a career coach that stores detailed resume, financial-runway, goal, milestone, and progress information in local memory and may check in weekly. Before uploading a real resume or sharing workplace/financial details, confirm how to pause Heartbeats and view, edit, or delete Pacer memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (19)

Vague Triggers

High (93% confidence)
Finding
The README advertises very broad auto-activation phrases such as common career-related and everyday expressions, which can cause the skill to trigger when the user did not explicitly intend to invoke it. In a career-coaching skill that may parse resumes, guide decisions, and start ongoing tracking behavior, accidental invocation increases the risk of unwanted data processing and confusing or manipulative interactions.

Missing User Warnings

Medium (89% confidence)
Finding
The README mentions weekly Heartbeat check-ins and progress tracking later in the document, but the top-level description does not clearly warn users that the skill may proactively continue engagement and store progress over time. This weakens informed consent, especially for a tool handling sensitive career history, goals, and uploaded CV data.

Vague Triggers

Medium (91% confidence)
Finding
The trigger list includes very broad, everyday phrases such as “我该怎么办” (“what should I do”), “不知道做什么” (“I don't know what to do”), and “规划” (“planning”), which can easily appear in normal conversation unrelated to this specific skill. That creates a real risk of unintended invocation, causing the agent to activate career-planning behavior in contexts where the user did not explicitly request this skill, which can lead to confusing behavior, privacy overreach, or inappropriate use of persistent memory/heartbeat features.

Missing User Warnings

Medium (91% confidence)
Finding
The example explicitly asks for and then displays the user's financial runway ('8 months') without any notice about sensitivity, minimization, or handling of personal financial data. In a career-transition assistant, this information may be relevant, but surfacing it in a persistent summary increases privacy risk if logs, screenshots, or downstream systems expose the conversation.

Missing User Warnings

Medium (94% confidence)
Finding
The example shows the agent ingesting and summarizing a resume PDF, which commonly contains highly sensitive personal data such as employment history, contact information, education, and potentially identifiers, but provides no warning or consent language. Because the skill is explicitly a career companion, resume parsing is contextually expected, yet the lack of disclosure about analysis and data handling makes the behavior privacy-risky rather than harmless.

Natural-Language Policy Violations

Medium (96% confidence)
Finding
The example conversation is written entirely in Chinese and does not provide any language-selection step, fallback behavior, or indication that the user can choose another language. This can exclude or confuse users who do not read Chinese, causing consent and usability issues; in a career-planning skill, that may lead users to act on advice they only partially understand.

Vague Triggers

Medium (90% confidence)
Finding
The trigger phrase includes broad everyday language such as '我有哪些选择' ("what options do I have"), which can easily appear in unrelated conversations and cause unintended activation of this skill. In an agentic system, over-broad triggers can hijack normal dialogue flow, cause the model to enter planning mode without clear user intent, and potentially process personal career data or generate outputs the user did not request.

Vague Triggers

Medium (92% confidence)
Finding
The instruction to 'automatically enter after scan completion' lacks clear boundaries, prerequisites, and opt-in checks, which makes the transition implicit rather than user-authorized. In practice, this can lead to unwanted skill chaining, surprise processing of sensitive employment information, and increased risk of prompt-flow abuse if upstream stages can steer users into this module without an explicit request.

Missing User Warnings

Medium (97% confidence)
Finding
The prompt instructs the agent to persist structured CV data to memory, including employment history, skills, education, and inferred seniority/industry, without any explicit notice, consent, retention limit, or data-minimization rule. Because CVs contain sensitive personal and professional information, silent persistence creates privacy and secondary-use risk, especially if memory is reused across later interactions or exposed to other components.

Missing User Warnings

High (97% confidence)
Finding
This prompt directs collection of sensitive personal and financial information, including economic reserves, professional history, and network details, and says to store responses in memory without any user-facing notice, consent flow, or data-minimization language. In a career-coaching context this data is highly identifying and can materially harm users if retained, leaked, or reused unexpectedly.

Vague Triggers

Medium (91% confidence)
Finding
The trigger phrases are broad, common terms such as 'career', 'next step', and 'what should I do', which can appear in ordinary conversation and unintentionally activate the skill. In a career-companion context this can cause unexpected collection of sensitive career or personal context and shift the assistant into a specialized workflow without clear user intent.

Vague Triggers

Medium (87% confidence)
Finding
The trigger condition includes broad, common phrases like '查看进度' ("view progress") and '我完成了...' ("I finished ..."), which can plausibly appear in ordinary conversation and cause unintended skill activation. In a tracking skill, accidental invocation can expose or update sensitive progress data without the user clearly intending to enter the tracking workflow.

Missing User Warnings

Medium (95% confidence)
Finding
The skill instructs the agent to persist career path, dates, milestones, and progress into local memory on first launch, but provides no user-facing notice or consent step. This creates a privacy risk because sensitive career-planning data is retained by default and users may not realize it is being stored long-term.

Missing User Warnings

Low (82% confidence)
Finding
The Heartbeat feature sends proactive follow-up messages, including nudges after inactivity, without any clear upfront warning in the skill behavior description. While not overtly malicious, unsolicited prompts can surprise users, reveal use of the skill to others nearby, or pressure engagement in a context involving personal goals and routines.

Missing User Warnings

Medium (96% confidence)
Finding
The data storage spec retains detailed weekly commitments and daily check-in logs, including action descriptions and dates, but gives no explicit privacy notice. These records can reveal habits, routines, goals, and potentially sensitive employment-related information if accessed by another local user or synced unintentionally.

Ssd 3

Medium (98% confidence)
Finding
The instruction to store all answers in memory creates a retention risk because the collected answers include sensitive financial, employment, and motivational details that are not all necessary for every interaction. Persistent storage of this profile increases the blast radius of any memory exposure, cross-session leakage, or unintended reuse by later prompts.

Ssd 3

Medium (96% confidence)
Finding
Persisting CV-derived data in memory is particularly sensitive because CVs commonly contain full work history, education, dates, locations, contact information, and other identifying details. In this skill context, the CV parser plus automatic extraction and persistence makes the data collection broader and less visible to the user, increasing the chance of over-collection and long-term exposure.

Ssd 3

Medium (90% confidence)
Finding
The instruction to 'remember everything' and naturally reuse all user-provided information creates a broad retention and disclosure pattern with no minimization boundary. This increases the chance that sensitive personal, employment, financial, or health-adjacent details shared in one context will be surfaced later inappropriately or exposed to another user/session if memory isolation fails.

Ssd 3

Medium (95% confidence)
Finding
The prompt directs the agent to read persistent memory at the start of every conversation and update it whenever new information appears, encouraging continuous collection and reuse of personal data. Because this skill is a career companion, the stored information is likely to include sensitive employment history, goals, constraints, and possibly private life details, making over-collection and leakage materially more dangerous.

VirusTotal

62/62 vendors flagged this skill as clean.