Back to skill

Security audit

Longevity Assistant

Security checks across malware telemetry and agentic risk

Overview

This longevity skill does not show malware-like behavior, but its broad health triggers and reported protocol-style dosing make it risky enough for manual review.

Install only if you want a research-literacy aid, not a substitute clinician. Avoid using it to choose doses, build supplement stacks, interpret abnormal labs, or make medication and chronic-condition decisions without medical review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill frames itself as educational, but then provides concrete dosing, schedules, and intervention protocols for medical-adjacent supplements and behaviors. In a health context, this can cause users or downstream agents to treat the content as individualized medical guidance despite the disclaimer, increasing risk of adverse effects, contraindications, and unsafe self-experimentation.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The non-prescription disclaimer is undermined by nearby prescriptive content such as exact amounts, frequencies, timing windows, and pairing instructions. This mismatch is dangerous because it creates a false sense of safety and compliance while still delivering actionable medical-style instructions that users may follow without clinical review.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The activation description is broad enough to trigger on common health and supplement questions, which can route ordinary users into a specialized skill that contains actionable medical-adjacent guidance. In context, overbroad activation increases the chance that the skill is invoked outside appropriate research-evaluation use and used as de facto health advice.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes ambiguous and popular consumer-health terms without scope boundaries, making accidental or overly broad activation likely. Because the skill contains protocol-like content, broad triggering raises the probability of users receiving unsafe or overconfident wellness guidance in situations that should instead be handled by general safety triage or a clinician.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.