Back to skill

Security audit

PSN Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a PlayStation deals and status helper that uses public websites and a limited local reminder list, with no evidence of hidden or harmful behavior.

Install this if you want PlayStation deal, price, catalog, rating, trophy, release, and PSN status lookups from public sources. Do not enter PSN passwords, payment details, or private account data. If you use deal reminders, expect the selected game and sale metadata to remain in a local watchlist until removed or no longer used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly writes user-associated watchlist data to a persistent local file but does not clearly warn users that their data will be stored. Hidden or insufficiently disclosed persistence creates privacy risk, especially in shared or multi-tenant environments, and can lead to unintended retention of user interests and timestamps.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.