Dreams

Security checks across malware telemetry and agentic risk

Overview

This is a local dream-journal skill that stores personal entries on disk, with no evidence of hidden network access, credentials use, or destructive behavior.

Install only if you are comfortable saving dream details, emotions, relationships, and possible life triggers locally under ~/dreams/. Consider choosing a protected location, avoiding cloud sync for sensitive entries, and deleting entries you do not want retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill instructs creation of a local `~/dreams/` workspace to store highly sensitive dream-journal content, including emotions, relationships, deceased family references, and possible mental-state indicators, but gives no warning or consent flow before writing to disk. This creates a privacy risk because users may not realize intimate personal data will be persistently stored locally, potentially exposed to other local users, backups, sync services, or compromised endpoints.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal