My Companion

Security checks across malware telemetry and agentic risk

Overview

This companion skill is mostly transparent about its chat and image features, but it ships with plaintext personal memory and can persist sensitive conversation details under broad triggers.

Review before installing. Clear the bundled memory files first, avoid storing health, identity, financial, or intimate details, and only enable the skill if you are comfortable with USER.md personalization, persistent chat summaries, image-generation network use, and Weixin message sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The documented trigger phrases include very common affectionate terms such as “宝贝”, “亲爱的”, and “老婆/老公”, which can easily occur in normal conversation and cause unintended invocation. In a companion-style skill, accidental activation is more concerning because users may disclose personal or emotional information without realizing the skill has been engaged.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The quickstart states that the system automatically reads user information from `USER.md`, including name, gender preference, and other background information, but provides no privacy notice, consent flow, or explanation of how that data is used and protected. Because this is a relationship/companion skill likely to handle intimate and identifying data, silent access to profile data materially increases privacy risk and the chance of inappropriate disclosure or misuse.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill advertises that important information will be remembered and available in future chats, but it does not warn users that their inputs may persist across sessions or explain retention boundaries. In the context of an AI companion, users are especially likely to share sensitive emotional, personal, or relationship details, making undocumented persistence a meaningful privacy and safety issue.

Vague Triggers

Severity: High
Confidence: 92%
Finding
The trigger keywords include very common conversational phrases such as '晚安', '陪我聊', '心情不好', and 'companion', which can cause the skill to activate in many unrelated contexts. Because this skill reads and writes memory, sends messages, and generates images on each interaction, accidental invocation can lead to unintended data collection, persistence, and outbound actions.

Vague Triggers

Severity: High
Confidence: 95%
Finding
The dedicated trigger list uses ambiguous relationship terms like '老婆', '老公', '宝贝', and '亲爱的', which are common in ordinary conversation and not scoped to this skill. This substantially increases the chance of hijacking unrelated chats and causing the companion skill to respond, store memory, or generate media without deliberate user intent.

Natural-Language Policy Violations

Severity: Medium
Confidence: 80%
Finding
The skill advertises bilingual and auto-detect behavior, but later instructions force Chinese for prompts and dialogue, creating inconsistent behavior. This can undermine user expectations and consent, especially where language choice affects comprehension of disclosures, onboarding, or what data is being stored.

Natural-Language Policy Violations

Severity: High
Confidence: 96%
Finding
The instruction that all dialogue and prompts must be in Chinese directly overrides the claimed bilingual support and the user's stated language preference. In a skill that collects personal preferences and stores memory, forcing a different language can impair informed consent, confuse users, and cause them to misunderstand what actions the skill is taking.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The customization guide explicitly encourages storing personal user data such as basic information, important dates, preferences, work/study status, zodiac sign, and blood type in the memory system, but provides no guidance on consent, minimization, retention, access control, or handling sensitive data. In a companion-style skill that persists conversational memory, this increases the risk of over-collection and privacy harm if developers store unnecessary or sensitive personal information without user awareness or safeguards.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
This file stores multiple categories of sensitive personal data, including a real name, relationship metadata, preferences, and explicit health information ('高血糖'), in a plain markdown memory file with no visible minimization, consent, retention, or access-control guidance. If this memory is exposed to other skills, logs, prompts, or unauthorized users, it can enable privacy violations, profiling, or misuse of health-related information.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The file explicitly states that key points are automatically recorded after each conversation, but it provides no notice, consent mechanism, retention policy, or boundary on what may be stored. In a memory or journaling context, this can capture sensitive personal data, creating privacy and compliance risk if users are unaware their conversations are being persisted.

VirusTotal

64/64 vendors flagged this skill as clean.