Security audit

Sedentary Reminder

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only sedentary-break reminder skill, with disclosed local reminder-state updates but no code, credentials, network access, or hidden behavior.

Install only if you want an agent to help design or run sedentary-break reminders. If you wire it into heartbeat or automation, keep memory/heartbeat-state.json local, review the stored fields, require clear commands for state changes, and provide a simple way to pause, inspect, undo, or reset the reminder state.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The document explicitly instructs the agent to directly persist changes to `memory/heartbeat-state.json` from a single natural-language utterance, but does not require any confirmation, authorization boundary, or user-facing disclosure that durable state will be modified. In a reminder-control skill this increases the chance of unintended or socially engineered state changes that silently alter future behavior, making the issue more dangerous in context because the whole skill is designed around low-friction state mutation.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The pause-control examples include broad everyday phrases such as '先别提醒我' and '今天先静音', which can plausibly appear in ordinary conversation without an explicit command intent. In a reminder-control skill, ambiguous natural-language triggers can cause unintended disabling or suppression of reminders, undermining user expectations and making the control plane too easy to activate accidentally.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The profile-switching examples include vague phrases like '改成温和一点' and '提醒勤一点' without defining scope or requiring explicit reference to sedentary reminders. Those phrases could be misinterpreted during normal conversation and silently alter reminder cadence, which affects system behavior in a way the user may not have intended.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The workState switch examples are ordinary status statements like '我现在在开会' and '我接下来要专注', which users commonly say for informational context rather than as control commands. Treating such statements as direct state mutations can suppress or alter reminders unintentionally, making the system overly reactive to conversational context and reducing reliability of user controls.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The 'already took a break' triggers are highly colloquial and directly reset key timing fields like `lastBreakAt` and `estimatedSittingStartAt`. If matched accidentally, they can erase accumulated sitting duration and delay needed reminders, which is particularly risky in a health-reminder skill where missed reminders are the main failure mode.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.