Security audit

Leo's Reading Notes

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed reading-notes helper that can save local notes and reminders, with privacy cautions but no evidence of hidden, destructive, or unrelated behavior.

Install this only if you want the agent to search for book text, create and update local reading-notes files, store personal reflections, and potentially remind you at 21:00 about unfinished note internalization. Be cautious when casually discussing books if you do not want notes saved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger phrases are very broad and map to common conversational language, so the skill may activate during ordinary discussion without the user intending to invoke note-taking behavior. In this skill's context, unintended activation can lead to unnecessary data collection, searching for book content, and note creation from casual or private remarks.

Vague Triggers

Medium
Confidence: 92%
Finding
The instruction to immediately enter a special mode once triggered provides no boundary checks, confidence threshold, or user confirmation, which makes accidental mode switching likely. In combination with the broad triggers, this increases the chance of the assistant taking actions the user did not authorize, including external lookup and persistent storage.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill directs the agent to create or update files but does not require prior user notice or consent before writing to persistent storage. That creates a risk of unauthorized retention of user-provided content, potentially including sensitive personal reflections, work information, or copyrighted excerpts.

Missing User Warnings

Medium
Confidence: 94%
Finding
The scheduled 21:00 reminder workflow implies recurring access to previously stored notes and state files, but the skill does not clearly disclose that ongoing monitoring, reading, and status updates will occur. Persistent background processing of user notes increases privacy risk and can surprise users who did not knowingly consent to continual review of their stored data.

VirusTotal

66/66 vendors flagged this skill as clean.
