Neighbor Mutual Aid

Security checks across malware telemetry and agentic risk

Overview

This skill is a practical neighborhood mutual-aid guide, but it asks users to collect and circulate sensitive neighbor contact, vulnerability, resource, and key-access information without enough safeguards.

Install only if you are prepared to handle neighbor information carefully. Before collecting anything, get explicit consent for both collection and sharing, keep emergency needs and key or lockbox details off any broadly shared sheet, limit distribution to participants, store files securely, and delete or update records when someone opts out or moves.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

High

Confidence: 96% confidence
Finding: The skill directs the user to collect, record, and redistribute neighbors' names, addresses, phone numbers, emergency needs, key-exchange preferences, and household vulnerabilities. In this context, compiling a block-wide contact/resource sheet without strong consent, minimization, retention, and access controls creates real privacy and physical-security risk, especially because sensitive data such as medical training, mobility limitations, and who has keys or valuable equipment could be exposed to other neighbors or mishandled.

VirusTotal

45/45 vendors flagged this skill as clean.

View on VirusTotal