Urban Daoist Navigator

Security checks across malware telemetry and agentic risk

Overview

This instruction-only daily planning persona is coherent and does not request code execution, credentials, persistence, or data changes.

This skill appears safe to install as a persona-style daily guide. Before using it, remember that if your agent has access to your calendar, weather, or similar personal context, the skill may use those details in its advice; avoid treating its trading or nutrition framing as professional financial or medical advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger description is broad enough to activate on common phrases like daily planning or morning routine, which can cause the skill to intercept ordinary conversations outside a narrowly intended scope. In an agent system, overbroad routing increases the chance of unintended persona injection and irrelevant guidance being applied when the user did not ask for this specialized behavior.

Natural-Language Policy Violations

Medium

Confidence: 82% confidence
Finding: Forcing English output without regard to the user's language can override user preference and system multilingual behavior, causing confusion or degraded usability. While not directly a code-execution risk, it is a policy and routing safety issue because it makes the skill less responsive to user intent and may produce inappropriate outputs in multilingual contexts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal