Security audit

Mio智能聊天

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent chat companion, but it needs review because it persistently profiles user chat habits and exposes that data without clear user controls.

Install only if you are comfortable with local profiling of your chat timing and interests. Prefer a version that requires explicit opt-in for habit learning and proactive messages, narrows the trigger phrases, and provides clear controls to disable the feature and delete stored habit data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill enables proactive triggering based on vaguely defined 'habit-based dynamic judgment' without clear guardrails, consent boundaries, or rate limits. In an agent context, ambiguous autonomous activation can lead to unexpected user contact, privacy-invasive monitoring, and actions occurring outside clear user initiation.

Missing User Warnings

High
Confidence: 96%
Finding
The skill states it records user active times, topic preferences, and chat patterns, but does not disclose consent, retention, access controls, or user choice. This creates a meaningful privacy risk because behavioral profiling is being performed and stored in data files without transparent notice or user control.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrases are extremely generic everyday terms such as '聊天', '任务', and '想聊', which makes accidental invocation likely during normal conversation. In a skill designed for proactive chat and task distribution, broad triggers increase the chance the agent activates without clear user intent, causing unintended task execution, context switching, or privacy-impacting interaction.

Natural-Language Policy Violations

Medium
Confidence: 80%
Finding
The description indicates Chinese-language behavior is assumed by default, with no visible language selection or user opt-in. This can cause consent and usability problems by steering interactions into a language the user did not choose, increasing the risk of misunderstanding instructions, permissions, or task-related actions.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill persistently stores conversation-derived behavioral data, including timestamps, active hours, and inferred topics, to local disk without any consent, disclosure, retention policy, or access controls. Even though it is not overtly malicious, this creates a privacy and security risk because sensitive user behavior patterns can be exposed through filesystem access, backups, logs, or later reuse beyond user expectations.

Ssd 3

Medium
Confidence: 97%
Finding
The skill records user interaction history and inferred habits, then exposes that collected data through getStatus() via habitStats. In context, this makes the privacy issue more dangerous because the same component both stores behavioral data and provides an easy API path to retrieve it in plain form, increasing the chance of unintended disclosure to other components, logs, or unauthorized callers.

VirusTotal

64/64 vendors flagged this skill as clean.