awesome-closet-stylist

Security checks across malware telemetry and agentic risk

Overview

This wardrobe stylist skill stores wardrobe and style-preference data locally for its stated purpose, with no executable code or exfiltration behavior found.

Install only if you are comfortable with a local assistant keeping wardrobe, fit, style, color, and occasion preferences over time. Review or clear the user JSON files if you do not want that history retained, and avoid adding weather configuration if location privacy is a concern.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The specification explicitly directs the agent to store durable user preferences in `user/preference.json`, but it does not require any user-facing disclosure that information will be retained across sessions or written to persistent storage. In a wardrobe-styling skill, these preferences can reveal personal habits, body-fit tendencies, and lifestyle patterns; silent retention increases privacy risk and can lead to users unintentionally disclosing long-term personal data.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal