Security audit

🌱 Big Seed · 种子 · 日记(AI日记·人生故事·自传·闪念记录·回忆录)| AI Diary, Life Story, Memoir & Journal

Security checks across malware telemetry and agentic risk

Overview

This journaling skill is mostly coherent, but it stores intimate personal notes and is configured to automatically send derived weekly summaries and profile/story content to chat by default.

Install only if you are comfortable storing personal journal entries locally and having weekly AI-generated summaries, profile notes, and stories sent to your chat. Before using it, confirm where Feishu/chat delivery goes, disable weekly push if you want local-only use, and use explicit save commands to avoid accidental capture.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Medium · 96% confidence

The skill presents raw data storage as local-only, but the weekly workflow generates summaries, portraits, and stories from that data and pushes them to an external chat channel. Even if the push is framed as a subscription feature, this is still a disclosure path for sensitive personal information beyond the original local capture context.

Context-Inappropriate Capability

Medium · 82% confidence

The skill includes autonomous scheduled messaging to Feishu using isolated cron execution and announcement delivery. Scheduled outbound messaging increases the risk of unintended disclosure, delivery to the wrong recipient, or persistence of sensitive inferred profile content in external systems.

Vague Triggers

Medium · 88% confidence

The trigger rules treat broad phrases like '刚想到' and '突然想起' as immediate save commands without confirmation. In normal conversation these phrases can occur casually, causing unintended capture and storage of private thoughts that the user did not mean to persist.

Vague Triggers

Medium · 90% confidence

The global trigger list is broad and includes ordinary conversational phrases and feature names, which can invoke actions without strong scope constraints. This increases the chance of accidental activation, including unintended storage or generation using sensitive personal context.

Missing User Warnings

Low · 84% confidence

The feature overview states that weekly reports are enabled by default, but the user-facing description at that point does not prominently emphasize that generated personal content will be pushed automatically. Default-enabled auto-push is risky because users may form an incorrect expectation that the tool is only local and passive.

Missing User Warnings

Medium · 92% confidence

The `seeds-for-story` command prints the full selected seed records and the entire portrait object directly to stdout in JSON, which can expose highly sensitive personal memories, inferred profile data, tags, emotions, and attachment paths. In the context of a life-journal/biography skill, this data is especially privacy-sensitive, and accidental terminal logging, shell history capture, pipeline forwarding, or use by downstream tools can leak personal data without any confirmation or minimization.

Ssd 3

Medium · 95% confidence

The skill says seed data remains local, but also states that generated weekly summaries, profile digests, and stories are pushed into chat by default. Because these outputs are derived from intimate journal content, they can reveal sensitive facts, patterns, and inferences even if the raw source data is never uploaded.

Ssd 3

Medium · 97% confidence

The cron workflow explicitly prefetches personal seed data and then automatically announces generated summaries, portraits, and stories to a chat recipient. This creates an automated natural-language exfiltration channel where sensitive personal information may leave the local storage boundary on a recurring basis without an interactive review step.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.