Sleep Hygiene Overhaul

Security checks across malware telemetry and agentic risk

Overview

This sleep-coaching skill is coherent and purpose-aligned, but it stores sleep-related details and may create recurring reminders.

Install only if you are comfortable with the agent saving sleep-habit details and creating sleep-related reminders. Review or disable reminders if notification privacy matters, and avoid sharing health details you do not want persisted.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill explicitly persists sensitive health and behavioral data across sessions, including sleep patterns, alcohol use, anxiety-related indicators, and possible sleep apnea flags, but the skill description and body do not provide a clear upfront warning or consent mechanism for ongoing storage. This creates a privacy risk because users may disclose health-adjacent information without understanding that it will be retained and reused by automations over time.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The automation triggers activate on minimal state such as a set anchor time or ritual and then run daily or after simple conditions, which can result in repeated unsolicited reminders and health-related prompts. In a wellness context, this is risky because it can create persistent monitoring-like behavior, surface sensitive health inferences at unexpected times, and continue nudging after a user may no longer want the protocol active.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal