Prayers

Security checks across malware telemetry and agentic risk

Overview

This is a local prayer journaling and scheduling skill that discloses its storage location and shows no hidden execution or data sharing.

Install only if you are comfortable keeping prayer habits, intentions, and reflections in local files under ~/prayers/. On a shared, backed-up, or synced device, consider limiting what you record, protecting the folder, or deleting entries you do not want retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 78% confidence
Finding: The skill instructs creation of a persistent workspace directory in the user's home folder without explicitly stating that this will happen or requiring confirmation. While the action is low risk and local, silent filesystem writes can surprise users, create unwanted sensitive religious/journaling records, and normalize unauthorized persistence behavior in agent skills.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal