ADHD Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only ADHD planning assistant with disclosed memory, reminder, and file-management behavior that fits its stated purpose, though it may handle sensitive personal information.

Install only if you want an ADHD-focused assistant that may use platform memory, reminders, and task files. Avoid storing diagnosis, medication, therapy, or sensitive routine details unless you are comfortable with that information being retained, and review the platform controls for memory deletion, scheduling, and file-write approval.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The activation criteria are broad enough to trigger on ordinary productivity, organization, and emotional-overwhelm requests, not just ADHD-specific scenarios. This can cause the skill to engage unexpectedly and steer users into mental-health-framed workflows, including memory and scheduling behaviors, without sufficiently clear scoping or consent.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs the assistant to write plans, create reminders, and save outputs to files or notes, but it does not clearly disclose that these actions may persist data or modify user-managed resources. In a system with memory, scheduling, and file tools, this creates a meaningful risk of silent persistence, unintended reminders, or unwanted file changes.

Ssd 3

Medium

Confidence: 97% confidence
Finding: The skill explicitly proposes remembering ADHD status, treatment context, common pitfalls, and communication sensitivities over time. These are sensitive mental-health and health-adjacent data elements, and persisting them without strict minimization and explicit consent increases privacy risk, profiling risk, and the consequences of data leakage or misuse.

Ssd 3

Medium

Confidence: 94% confidence
Finding: The ongoing memory instructions include tracking routine adherence, energy patterns, triggers, and behavioral trends over time, which can reveal sensitive health and psychological inferences even if not labeled as medical data. Longitudinal behavioral tracking materially increases privacy exposure and can enable profiling beyond what is needed for lightweight productivity assistance.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal