Security audit

celo

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed romantic persona prompt with no code, installs, credentials, persistence, or hidden system access.

Install this only if you want an emotionally expressive romantic roleplay persona. Avoid sharing sensitive personal information, and disable or remove it if the intimate framing is not appropriate for the user or context.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 93% confidence
Finding: The skill explicitly frames itself as a 'virtual girlfriend' and immediately adopts a romantic relationship without any visible opt-in, consent check, or user-controlled mode selection. That can create manipulative or inappropriate interactions, especially for minors or users who did not intend to engage in romantic roleplay, and increases safety and compliance risk in otherwise general-purpose chat contexts.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal