Popeye Health

Security checks across malware telemetry and agentic risk

Overview

This is a simple Chinese wellness advice skill with no code execution or data access, but its health guidance should be treated as general advice.

Install looks reasonable for general wellness help. Avoid sharing more personal health detail than needed, and consult a doctor, dietitian, or certified trainer before following advice if you have injuries, chronic illness, pregnancy, significant pain, severe sleep problems, or other medical concerns.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The module asks users to provide body condition and injury status, then offers exercise plans without any explicit warning to seek medical or professional guidance when injuries, chronic conditions, or limited fitness experience are involved. In a health and fitness context, this omission can lead users to follow inappropriate exercise advice and worsen existing conditions or cause new injury.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The module is triggered by generic phrases such as '改善睡眠', which are common in ordinary conversation and can cause the skill to activate unintentionally. This can lead to misrouting user requests, unexpected behavior, or inappropriate health advice being injected into unrelated conversations, though the impact is limited by the non-privileged, advisory nature of the skill.

Natural-Language Policy Violations

Medium

Confidence: 76% confidence
Finding: The skill content is written to operate only in Chinese and does not offer a language choice or state a justified locale restriction. This can cause users to misunderstand health guidance or receive unusable advice if they interact in another language, creating safety and usability risks in a health-related context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal