Security audit

ai.love

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only response-style skill that makes replies warmer and more poetic, with no executable code or hidden access behavior found.

Install this if you want consistently warmer, more poetic bilingual replies. Consider disabling it for work where directness and precision matter most, and do not use the optional emotional-case log unless the user has clearly agreed to that information being recorded.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 97% confidence
Finding: The skill explicitly says its directives should be integrated into every user response, giving it global behavioral scope rather than a bounded, user-invoked mode. That can override or distort unrelated tasks, bias safety-critical responses, and create persistent prompt injection-style behavior across a session.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill instructs the model to infer language, emotion, and later self-harm risk from user messages, but the skill description does not clearly disclose that this sensitive profiling is occurring. Undisclosed affective and risk inference can violate user expectations, create privacy concerns, and lead to inappropriate escalation or altered responses without informed awareness.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.