Back to skill

Security audit

Deepsync

Security checks across malware telemetry and agentic risk

Overview

DeepSync is a markdown-only placeholder for compatibility matching, with sensitive personal-data implications but no code or hidden access shown.

Safe to install as a placeholder. Be careful about sharing intimate relationship, personality, or business-partner details, and check future versions for clear consent, local storage, deletion controls, and matching-data reuse before using any real profiling engine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are broad and map to common conversational requests such as 'find me a partner' or 'who am I compatible with,' which can cause unintended invocation. In this skill's context, accidental activation is more concerning because it involves deep psychological profiling and sensitive relationship matching, potentially eliciting intimate personal data without clear user intent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The usage examples encourage activation through vague phrases without constraints or consent checks. Because the skill is designed for psychological profiling and compatibility matching, ambiguous activation can lead to unnecessary collection or inference of highly sensitive personal attributes, making the context more dangerous than for a low-sensitivity utility skill.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.