Temporal Time Manager

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed time-management integration that uses a user API token to manage tasks, schedules, and ideas on aitimemg.cn.

Install only if you want an assistant to manage your aitimemg.cn tasks, schedules, and ideas. Keep TEMPORAL_API_TOKEN private, verify the base URL, avoid storing secrets in task or idea text, and require confirmation before updates or deletes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The example invocations are broad, natural-language requests like viewing today's tasks, creating a task, or capturing an idea, without documenting explicit activation boundaries, confirmation requirements, or disambiguation rules. In an agent setting, this can cause overbroad tool invocation from ordinary conversation and lead to unintended reads or writes to the user's task and schedule data on the remote service.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal