Replyher Skill Pub

Security checks across malware telemetry and agentic risk

Overview

ReplyHer is an instruction-only chat coaching skill, with the main risk being that users may voluntarily share private conversations or screenshots.

Reasonable to install as a communication coaching skill. Before using it, redact names, phone numbers, addresses, workplace secrets, financial details, intimate content, and unrelated third-party messages; review replyher.com separately before using any memory, screenshot, or personality-profiling pro features.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 90%
Finding:
The README encourages users to paste received messages and chat threads for analysis but does not warn that these inputs may contain sensitive personal data, third-party communications, or confidential workplace information. In a skill centered on interpersonal messaging, this omission increases the chance that users overshare private content without informed consent or redaction.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The README advertises relationship memory, screenshot recognition, deep diagnosis reports, and personality inference without disclosing the privacy and consent implications of processing highly sensitive interpersonal content. These features can involve persistent storage, extraction of third-party data from images, and sensitive profiling, making the omission more dangerous in the context of a chat-analysis skill.

VirusTotal

65/65 vendors flagged this skill as clean.
