Habit Tracker Pro

Security checks across malware telemetry and agentic risk

Overview

The available evidence shows a coherent low-risk skill, with the main caution that its instructions appear to be Chinese-only and may be hard for non-Chinese readers to assess.

Install only if you can understand the Chinese instructions or trust a translation of them. Ask the publisher for a language notice and short English summary of purpose, commands, pricing, and data handling before relying on it in a mixed-language environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 93% confidence
Finding: The skill content is entirely in Chinese without any language declaration, bilingual summary, or user opt-in, which can prevent users and reviewers from understanding functionality, limitations, pricing, and data-related behavior before use. In an agent marketplace or mixed-language environment, this increases the risk of deceptive use, consent issues, and missed security review because non-Chinese-speaking users may invoke the skill without informed understanding.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal