Nuclear Accident Human Lifeline

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it asks the agent to keep sensitive local records about real nearby people and their assets without clear consent or privacy limits.

Install only if you are comfortable managing sensitive notes about real people. Get explicit permission before saving contact details or capabilities, avoid trust ratings and detailed asset inventories when possible, store any files securely, and delete them when they are no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Ssd 3

Medium

Confidence: 96% confidence
Finding: The skill instructs the agent to create and maintain structured files containing identifiable local people, contact details, trust assessments, assets, and interaction history. That creates a sensitive local dossier on third parties without any privacy safeguards, minimization, retention policy, or consent framework, increasing the risk of privacy harm, misuse, or exposure if the files are accessed by others.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal