Back to skill

Security audit

Calm Down

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only calming-reminder skill with a real scope inconsistency, but it does not request code execution, credentials, data access, persistence, or external transmission.

Install only if you are comfortable with the agent adding brief grounding reminders during frustrated conversations. The publisher should fix the reference example so project stress or late-night timing alone does not trigger the skill, and users should be able to disable or ignore the reminder behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The examples broaden activation from 'frustration directed at the AI' to general distress and late-night overwhelm, which materially changes the detector's behavior from the stated scope. In a skill that appends psychological guidance, this can cause unsolicited emotional intervention in situations the product explicitly said it would avoid, increasing the risk of misclassification, user alienation, and inappropriate mental-state inference.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
This is a direct policy contradiction: the metadata says not to trigger on frustration about external situations, but the reference example instructs triggering on exactly that case. Such contradictions are dangerous because downstream agents often follow examples over prose, leading to systematic overreach into emotional-state detection and intervention beyond the approved scope.

Natural-Language Policy Violations

Medium
Confidence
85% confidence
Finding
The example response hardcodes a Chinese grounding message without stating that the reply should match the user's language or offer opt-in. In a skill that intervenes during frustration, forced-language output can confuse users, feel patronizing or manipulative, and reduce the clarity of already sensitive messaging.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.