Back to skill

Security audit

Parent.skill

Security checks across malware telemetry and agentic risk

Overview

This is a local parenting log that handles sensitive child details but is transparent about that purpose and shows no hidden network, executable, or destructive behavior.

Install this only where the caregivers who should see the child's routine can access it. Be explicit when asking for summaries or adding entries, avoid unnecessary medical or identifying details, and protect or delete the local ~/.parent-skill/children/ folder when access should change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The Query Mode trigger is defined broadly as any parent question such as 'when did she last eat?' or 'what usually works at bedtime?', which can overlap with ordinary conversation and cause unintended invocation. In a shared caregiver setting, this increases the chance of exposing a child's logs, routines, or inferred patterns to the wrong person or in the wrong context.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Briefing Mode accepts vague requests like 'how was her day?' and 'what did I miss?' without defining whose day, what time window, or which child/profile is in scope. On a shared device with multiple caregivers, this ambiguity can lead to overbroad disclosure of sensitive household or child data beyond what the current user intended to request.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This template solicits highly sensitive information about a child and associated caregivers, including birth date, feeding and sleep patterns, milestone history, and caregiver notes, but provides no privacy notice, data minimization guidance, or handling/storage safeguards. In a shared family/caregiver context, this increases the risk of oversharing, unauthorized access, profiling of a minor, and accidental disclosure of health-adjacent personal data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.