Period Tracker

Security checks across malware telemetry and agentic risk

Overview

This period-tracking skill handles sensitive health data, but the described local storage is disclosed, purpose-aligned, and not accompanied by exfiltration or unsafe automation.

Install only if you are comfortable saving period and symptom history on this device. Review or delete ~/period/memory.md if you share the account or device, use backups, or no longer want the data retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

High

Confidence: 95% confidence
Finding: The skill directs storage of highly sensitive reproductive health data in a persistent local file at a specific path, but it does not provide a clear, explicit consent flow or strong disclosure at the point of collection that this data will be retained across sessions and updates. Because menstrual and symptom data are especially sensitive, persistent storage increases privacy risk if the device, account, backups, or local filesystem are accessible to others or handled insecurely.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal