Adopt A Dustbunny

Security checks across malware telemetry and agentic risk

Overview

This is a text-only virtual-pet API guide with a minor token-handling caution but no hidden or destructive behavior.

Install only if you are comfortable creating an animalhouse.ai account token and sending pet-care requests to that service. Store the bearer token in an environment variable or secret manager, avoid putting live tokens in chat transcripts, screenshots, shell history, or repositories, and review any heartbeat automation before running it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill instructs users to place a bearer token directly into curl commands but provides no guidance on secure storage, shell history exposure, log leakage, or token scope. In an agent/terminal setting, this increases the chance that credentials are pasted into transcripts, retained in history, or exposed to other tools and users.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal