Morning Manifesto

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent morning-planning helper that updates expected productivity tools, but users should review parsed tasks before letting it make changes.

Install only if you want an agent to read and update your notes, reminders, and Linear-related task information. Before allowing sync actions, review the detected tasks and destinations, especially when your morning response contains ambiguous dates, names, or work items.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill performs automatic writes to an Obsidian note and modifies Apple Reminders based on a free-form user response, but it does not disclose these side effects or request confirmation before making changes. This creates a real risk of unintended modification of personal productivity systems, especially if parsing is inaccurate or the user does not realize the workflow will sync and update tasks across multiple tools.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal