focusAI

Security checks across malware telemetry and agentic risk

Overview

FocusAI is a disclosed screen-monitoring and focus-history skill that handles sensitive screenshots, but its behavior is purpose-aligned and repeatedly requires user setup and consent.

Install only if you want a tool that records your screen activity. Review the FocusAI repository and cloud vision provider settings yourself, keep API keys out of agent-readable conversations, confirm before starting background monitoring, and periodically delete local screenshot history you no longer need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The trigger patterns are broad enough to match ordinary conversation and can cause the skill to start monitoring or query sensitive history without sufficiently precise intent disambiguation. In this skill, accidental activation is more dangerous than usual because the capability involves screenshot capture, behavioral monitoring, and possible transmission of visual data to a cloud vision provider.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The wake-word guidance uses fuzzy natural-language examples without clear boundaries, increasing the likelihood that the agent interprets ambiguous user statements as authorization to invoke FocusAI. Because the skill can inspect prior activity and control a local monitoring service, ambiguity raises privacy and consent risks beyond a normal convenience feature.

VirusTotal

64/64 vendors flagged this skill as clean.
