Back to skill

Security audit

全息人生实验场

Security checks across malware telemetry and agentic risk

Overview

This skill is a life-coaching assistant, but it requests broad personal-account syncing, persistent profiling, scheduled background work, and automatic messaging that need careful review before use.

Install only if you intentionally want a persistent life-logging and relationship-coaching assistant. Before use, limit connected platforms, avoid payment/work accounts unless necessary, inspect or disable scheduled jobs, choose a private storage directory, and regularly review or delete stored profile and memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (39)

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The README promises that data is kept locally and 'never leaked' while the skill explicitly accesses external platforms and communication channels to collect and act on personal data. This is a misleading privacy assurance that can cause users to grant broad permissions without understanding the real exposure and transfer risks.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
Claiming to be a 'privacy guardian' conflicts with documented behavior that requires access to external platform data and messaging services. In a relationship/emotional-support skill handling intimate personal information, contradictory privacy messaging materially increases the risk of uninformed consent and overcollection.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill explicitly proposes detecting behavior-pattern changes, including abnormal routines and consumption-pattern changes, which expands monitoring beyond the core relationship/emotional-support purpose into broad personal surveillance. Because this assistant also syncs multi-platform data and stores historical memory, these triggers could enable sensitive inference about health, finances, or lifestyle without clear purpose limitation or explicit consent.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The guide instructs the assistant to read all files in a configured storage directory, use broad historical personal data, and push for additional platform authorization when data is insufficient. In a relationship/emotional-support skill, this creates disproportionate data collection and function creep beyond what is necessary to answer a user query, increasing the risk of privacy invasion and unauthorized profiling.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The cold-start script tells the assistant to directly launch a browser and guide the user through login/authorization to real accounts. This grants the skill a pathway to access sensitive third-party account data and normalizes credential-adjacent flows for a counseling-style tool, which is unnecessarily risky and could enable phishing-like behavior or overbroad account access.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The guide requires automatic creation of recurring scheduled tasks such as hourly syncs and periodic reports, including on first launch. Persistent background automation expands the skill's reach beyond a user-initiated conversation and can continuously process personal data without contemporaneous awareness, increasing surveillance and persistence risks.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The workflow directs the agent to open a browser and guide the user through third-party logins so it can collect cross-platform behavioral data, including from services unrelated to the core counseling function. Even with nominal consent, this materially expands the skill into broad surveillance/data aggregation and increases the chance of credential exposure, overcollection, and misuse of highly sensitive personal activity data.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The listed platforms include payments, shopping, and job-seeking services, which can reveal finances, employment status, and other highly sensitive traits not necessary for relationship/emotional support. Collecting these signals creates disproportionate privacy risk and enables invasive profiling beyond the user’s reasonable expectations for this type of skill.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Allowing local storage of direct identifiers such as ID numbers, names, phone numbers, and addresses creates significant privacy and security risk, especially when the skill also maintains persistent profile and memory files. Local-only storage does not eliminate the danger; compromise of the host, logs, backups, or downstream tooling could expose highly sensitive PII without clear necessity for the stated function.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The monthly report explicitly includes消费分析 and行车记录, which broadens the skill from relationship/emotional support into continuous surveillance of highly sensitive behavioral data. In this context, that expansion is not necessary for the declared purpose and increases privacy harm, especially when combined with automatic scheduled delivery.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The instruction to优先寻找用户感兴趣的内容 turns the hourly sync into an engagement or recommendation mechanism rather than a narrowly scoped support workflow. With automatic outbound delivery, this can drive manipulative or excessive contact based on inferred interests from synced personal data.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README encourages cross-platform personal data collection but does not clearly warn users about the sensitivity of the data, the scope of collection, or the privacy consequences. Because this skill is designed to build a persistent psychological and relationship profile, the collected data is especially sensitive and misuse could expose behavioral, social, and emotional details.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README advertises proactive communication and scheduled pushes without a prominent warning that the skill may initiate messages autonomously. This can surprise users, create privacy or social-engineering risk through unsolicited outreach, and is more dangerous in messaging environments such as WeChat/QQ where messages may appear highly trusted.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The troubleshooting guidance directly tells users to ask the skill to retrieve personal data from platforms like Douyin without any accompanying privacy, consent, or scope warning. This normalizes broad data extraction in casual language and may lead users to expose sensitive account data or authorize access they do not fully understand.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill markets itself for a very broad set of everyday and sensitive scenarios—relationships, emotions, career, planning, and proactive care—without defining clear activation boundaries or user consent checkpoints. In a context that also references memory, profiling, syncing, and scheduled tasks, this ambiguity can cause over-collection, overreach, or unexpected autonomous behavior in situations users may not realize are in scope.

Missing User Warnings

High
Confidence
97% confidence
Finding
The description explicitly advertises automatic multi-platform personal data synchronization, historical memory storage, daily profiling, periodic reports, and proactive care, but provides no visible privacy warning, retention limits, or consent model in this file. Because the skill operates on intimate relationship and emotional data, this creates a substantial risk of excessive collection, cross-context aggregation, and unexpected persistence of highly sensitive personal information.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger language is broad and underspecified, allowing the system to decide on its own when a 'behavior pattern change' or 'goal/state gap' warrants a push. In practice, vague triggers can cause intrusive, excessive, or unexpected notifications based on sensitive inferences, especially in a system that aggregates cross-platform personal data.

Missing User Warnings

High
Confidence
97% confidence
Finding
The document instructs the skill to connect authorized platforms, profile users, and send precision-targeted content, but it does not disclose what data is collected, how it is analyzed, or the privacy consequences of proactive recommendations. This is dangerous because users may grant access without understanding the scope of profiling, cross-platform aggregation, and downstream automated decisions affecting what they are shown.

Vague Triggers

Medium
Confidence
93% confidence
Finding
将“用户主动询问”作为触发条件但不限定明确意图、关键词或上下文边界,容易把普通对话误判为请求生成报告。该技能又面向关系、消费、行车、历史记录等高敏感场景,一旦误触发,可能在未充分确认用户意图时汇总、推断并披露敏感画像。

Vague Triggers

Medium
Confidence
92% confidence
Finding
月度报告同样以模糊的“用户主动询问”作为触发依据,缺少对询问内容、范围和排除条件的限定。月报通常覆盖更长时间窗口和更全面的行为数据,误触发时会放大隐私暴露和不当推断的范围。

Missing User Warnings

High
Confidence
97% confidence
Finding
文档明确说明基于用户行为数据、历史记录以及消费、行车、关系互动等敏感数据生成报告,却没有配套说明数据来源、用途、保留期限、共享范围、用户控制权和潜在隐私后果。这会导致用户在缺乏知情同意的情况下被持续画像、推断情绪与关系状态,风险在该技能“多平台自动同步、历史记忆存储、每日画像更新”的上下文中显著升高。

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document specifies importing tasks from external platforms after user authorization and automatically syncing/parsing task data, but it gives no warning about what data will be accessed, retained, or shared. In a skill centered on highly personal life management and relationship support, this omission can lead users to grant broad access without understanding privacy consequences or the scope of continuous data ingestion.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The file describes proactive push reminders, context-aware notifications, hourly checks, and daily previews without informing users that the system may monitor schedules continuously or send ongoing notifications. Because this skill operates in sensitive personal domains, undisclosed background monitoring and nudging can create privacy, autonomy, and trust risks, especially if reminders reveal private activities on shared devices.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The file mandates reading and persisting extensive user information across profile, facts, inferences, todos, and sync state, but does not require a clear user-facing notice before collection or storage in this workflow. For a highly sensitive domain involving emotions and relationships, silent persistence and inference-building materially increase privacy, retention, and secondary-use harms.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The instructions call for automatic scheduled tasks without an accompanying requirement to notify the user or obtain consent. Because these tasks trigger continued syncing and reporting outside the immediate interaction, the absence of clear notice undermines informed consent and can lead to unexpected ongoing monitoring.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.