Symptoms

Security checks across malware telemetry and agentic risk

Overview

This is a local-only symptom tracker that handles sensitive health notes but does not show hidden network, credential, executable, or privileged behavior.

Install only if you are comfortable storing symptom, medication, and doctor-prep notes on this device under ~/symptoms/. Treat those files as sensitive health records: use device account security, consider disk encryption and backup behavior, and review or redact summaries before sharing them with anyone.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill collects and stores symptom logs, medication notes, and doctor-prep summaries, which are sensitive health data. Although it says data stays local, it does not explicitly warn the user about the sensitivity of this information, local device/account exposure, or recommend safeguards such as access controls and encryption, which can lead to unintended disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal