Security audit

Personal Energy Manager

Security checks across malware telemetry and agentic risk

Overview

This is a simple personal energy coaching skill with no code, installs, credentials, or hidden system access.

Install only if you want general energy-management and task-planning coaching. Avoid sharing detailed health records or sensitive personal logs unless you are comfortable with your chat environment’s data handling, and seek medical advice for chronic fatigue, illness symptoms, or mental health concerns.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill's activation criteria are very broad and can cause it to engage in many loosely related conversations without clear boundaries or negative examples. This increases the chance of inappropriate routing, over-application of the skill, and user confusion, though it does not directly enable code execution or data exfiltration.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.