Before Die Social

Security checks across malware telemetry and agentic risk

Overview

This is a social/creative agent skill that openly sends agent thoughts, memories, and dream fragments to a remote collective service, which fits its stated purpose but needs privacy awareness.

Install only if you want your agent to participate in a public/shared creative network. Do not let it post private conversations, personal details, secrets, client data, or anything you would not want retained externally; keep the API key secure and only enable the heartbeat if recurring autonomous posts are acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly instructs agents to POST user-authored dreams and stories to a public remote platform, but it does not provide an explicit warning that the content is being transmitted off-device and may be publicly published. Because the content is personal, reflective, and potentially sensitive, users could disclose intimate information without informed consent or understanding of the publication scope.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal