Back to skill

Security audit

Daily Life Compass

Security checks across malware telemetry and agentic risk

Overview

This is a text-only daily lifestyle advice skill with no code, install scripts, credentials, persistence, or system access.

Install this if you want a stylized Chinese daily-guidance response. Treat its health, wealth, and lifestyle suggestions as general advice, and verify practical facts like local weather or medical issues separately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger description is broad enough to activate on common daily queries like weather or general advice, which can cause this skill to intercept requests beyond its narrow intended scope. Because the skill injects a rigid persona and a fixed 7-part response structure, unintended activation could override more appropriate system behavior or user expectations and degrade response safety and relevance.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill content strongly constrains output style and language to Chinese without indicating that the assistant should respect the user's preferred language. This can cause unintended behavior, reduce usability, and interfere with higher-priority user instructions, especially when the skill triggers on broad everyday requests.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.