Back to skill

Security audit

Personal Ontology

Security checks across malware telemetry and agentic risk

Overview

This skill appears legitimate, but it needs review because it can read, summarize, and persist sensitive personal notes with broad and partly automated scope.

Install only if you are comfortable letting an agent read selected personal notes and use extracted beliefs, goals, predictions, and quotes in future assistance. Before running bootstrap or daily scans, choose a narrow folder scope, exclude private journals or archives if needed, require review before every file write, and know where suggestion, ontology, and local state files are stored so you can edit or delete them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to perform ongoing passive scans of sensitive personal data sources including notes, calendar, journal, and task completions, but does not provide a clear privacy notice, consent boundary, retention rule, or scope limitation. In a personal-ontology context this is especially sensitive because the collected data can reveal beliefs, values, health, relationships, and behavioral patterns, creating a meaningful privacy and over-collection risk.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The setup section says the agent will write or merge confirmed objects into ontology files, but it does not clearly warn users that files will be modified or describe how conflicts, overwrites, and merge behavior are handled. Even with 'no auto-commit' during candidate generation, unclear write semantics can lead to unintended file changes, corruption of notes, or user surprise in a sensitive personal knowledge base.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to create and save `Ontology_Suggestions.md` in the user's notes folder before an explicit review gate about file modification. Even though the content is framed as suggestions rather than auto-committing ontology Objects, it still alters user data and may expose extracted sensitive quotes in a persistent file the user did not specifically approve writing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs a deep scan of the user's vault, explicitly prioritizing journals, drafts, archived notes, and other highly sensitive material, but does not provide a strong upfront privacy warning or require granular scope selection. This creates a real risk of over-collection of intimate personal data, including beliefs, goals, spirituality, and historical notes, beyond what the user may reasonably expect from a bootstrap operation.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.