Security audit

Self-Improving Domotics

Security checks across malware telemetry and agentic risk

Overview

This skill is a local smart-home logging and reminder workflow; its hooks and file-writing helper are disclosed, local, and proportionate, though users should keep the optional hook matchers narrow.

Install this only if you want domotics logging and reminders. Treat hooks as opt-in, replace the empty prompt matcher with domotics-specific terms, avoid logging secrets such as lock PINs, alarm codes, tokens, Wi-Fi credentials, or occupancy schedules, and review any generated skill scaffold before enabling or sharing it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 85% confidence
Finding: The skill is described as documentation/reminder guidance, but it also instructs use of hooks that automatically invoke scripts and provides a workflow for generating new skills on disk. That mismatch is security-relevant because users may trust it as passive documentation while enabling automation that executes local commands on every prompt or tool event.

Description-Behavior Mismatch

Medium

Confidence: 78% confidence
Finding: A documentation/reminder skill that also instructs running an extraction helper expands from note-taking into filesystem-modifying code generation. Even if user-invoked, this broadens the trust boundary and can lead to unexpected local changes or propagation of unsafe templates if users assume the skill is non-operative.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: An empty hook matcher causes the activator script to run on every user prompt, creating an unnecessarily broad automatic execution surface. If the script is buggy, compromised, or later modified, it gains repeated execution opportunities across unrelated tasks and may capture or react to sensitive context outside the domotics domain.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: A second empty matcher on another hook path further broadens automatic activation, including after tool use. This compounds the risk by letting generic Bash output trigger reminder logic across all tasks, increasing exposure to sensitive data, noisy automation, and unintended side effects from repeatedly invoked scripts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.