家语

Security checks across malware telemetry and agentic risk

Overview

This appears to be a family-memory or household coordination skill, but it needs review because it may store and share sensitive family and child-related information without clear privacy controls.

Review this skill carefully before installing if it will involve children, elders, or private family history. Only use it where all participating adults consent, guardians approve minors' data use, and you are comfortable with any WeCom or Tencent Docs sharing; confirm retention, deletion, and per-member visibility controls before storing real family records.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill is designed to collect and persist highly sensitive family data, including children's growth records, elder interviews, relationship patterns, decisions, and periodic outbound messages, but it does not document privacy notice, retention limits, access control, or external transmission safeguards. In this context, the absence of explicit privacy and consent controls is dangerous because the data includes intimate household history and potentially minors' information, making overcollection, unauthorized sharing, and long-term exposure much more harmful.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal