Mindfulness (Tracker, Logger, Guided Practice)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, instruction-only mindfulness tracker that stores local wellness notes only with user confirmation and makes no network or credential requests.

Install if you want local mindfulness tracking and guided practice support. Review proposed writes to ~/mindfulness/ before approving them, and avoid saving highly sensitive medical, crisis, or private personal details in session notes unless you intentionally want them stored locally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The setup instructs the skill to activate for broad triggers like mindfulness, meditation, stress reset, focus training, or emotional regulation, which overlap with many ordinary conversations. This can cause the skill to engage outside the user's intent, steering discussions into sensitive wellness guidance and increasing the chance of inappropriate persistence or collection of preference/state data in unrelated contexts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal