Daily Diary

Security checks across malware telemetry and agentic risk

Overview

This diary skill is a disclosed local journaling workflow, but users should configure scheduling and delivery carefully because it summarizes private conversations.

Install only if you are comfortable with the agent summarizing your daily conversations into local diary files. Before enabling the cron example, set your own timezone and deliver drafts only to a private channel or yourself; review the 24-hour unreviewed auto-save behavior if you require explicit confirmation before any diary file is stored.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Natural-Language Policy Violations

Low

Confidence: 92% confidence
Finding: The cron example hard-codes the timezone to `Asia/Shanghai` without any indication that this value is user-derived or requires explicit opt-in. In a diary skill, an incorrect timezone can trigger journaling at the wrong local time, cause entries to be generated for the wrong day, and unintentionally expose activity timing or locale assumptions through scheduling behavior and delivery.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal