Morning Routine

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only morning habit tracker that stores routine progress locally and shows no evidence of hidden access, exfiltration, or unsafe execution.

Safe to install for normal use. Use clear morning-routine commands when viewing or changing habits, and avoid recording personal details you would not want kept in local routine history.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list includes broad phrases like "start my day" and "morning habits" that can easily appear in ordinary conversation unrelated to explicit skill invocation. This can cause unintended activation of the skill, leading to confusing behavior and possible exposure or modification of local routine data if users speak naturally rather than intentionally invoking the tool.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The usage examples rely on ambiguous commands such as "what's left," "change routine," and "show my streak," which lack clear scope boundaries and could be matched during normal conversation. In a skill that tracks habits and allows live modification of a stored routine, ambiguous commands increase the chance of accidental state changes or unintended disclosure of personal routine information.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal