Fitness For Desk Workers

Security checks across malware telemetry and agentic risk

Overview

This is a coherent fitness guidance skill with disclosed reminder-style automations, but users should opt in deliberately to recurring notifications.

Install only if you want a fitness/posture coaching skill that may help set recurring workout and posture reminders. Before enabling automations, choose the reminder times yourself, avoid letting it infer whether you are at your desk, and make sure you know how to pause or delete the reminders.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger condition `user is at desk` is ambiguous because it does not define how presence at a desk is detected, when monitoring starts, or what consent boundaries apply. In an agent system with calendar/filesystem access and automation support, vague conditions can lead to over-triggering, incorrect inferences about user activity, and notification spam or unintended background monitoring behavior.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill defines recurring reminders (`3x per week`, `every 45 minutes during work hours`) but does not clearly warn the user that enabling the skill may create persistent ongoing automations. This is risky because users may unintentionally authorize long-lived reminders that affect their workflow, create notification fatigue, or continue beyond expected use without obvious awareness or easy revocation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal