Health Check

Security checks across malware telemetry and agentic risk

Overview

This is a simple local health tracker that stores hydration and sleep records in one JSON file, with no hidden network or credential behavior found.

Install only if you are comfortable storing hydration and sleep timestamps in a local JSON file. Before asking the agent to update or delete entries, be explicit about the intended record, and consider keeping a backup because the documented delete/update commands have no undo.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill includes commands that update and delete records directly from persistent storage without any confirmation, preview, bounds checking, or rollback. In an agent setting, ambiguous user input or accidental invocation could silently destroy or alter health data, which is especially risky because the operations target the most recent record and provide no recovery path.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal