FearBot 🫣

Security checks across malware telemetry and agentic risk

Overview

FearBot appears to run locally and does not look malicious, but it handles sensitive mental-health data with broad message monitoring and durable storage that users should review carefully before installing.

Install only if you are comfortable with an AI therapy companion monitoring for crisis signals, storing sensitive mental-health history locally, and creating plaintext exports on request. Avoid using it on shared or automatically synced machines unless you understand where the database and exports are stored, and rely on local emergency services or licensed professionals for urgent or serious mental-health needs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The activation phrase "I'm anxious" overlaps with ordinary, emotionally vulnerable user speech and can trigger the therapy skill when a user is merely expressing distress rather than intentionally requesting it. In a mental-health context this is especially risky because it may cause unsolicited assessment, logging, or crisis-flow behavior at a sensitive moment, increasing privacy and safety concerns.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The activation phrases include common conversational language such as 'I'm anxious' and 'feeling anxious', which can cause the skill to trigger during ordinary discussion rather than by deliberate consent. In a mental-health context, accidental activation is more dangerous because it may start collecting, storing, or interpreting highly sensitive health information without a clear user opt-in.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
Monitoring ALL user messages for crisis detection is a privacy-sensitive behavior involving mental-health inference across unrelated conversations, yet the disclosure is not prominent enough in the skill description or activation consent flow. Because this concerns sensitive psychological data, users may unknowingly expose intimate information to continuous surveillance and downstream storage or processing.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
This is a true safety vulnerability: the file provides clinically framed mental-health screening prompts, including PHQ-9 item 9 for self-harm, without a prominent upfront warning that the assessments may reveal crisis risk and are not a substitute for urgent human care. In a therapy-oriented skill, users may over-rely on the tool or proceed into distressing content without understanding that positive crisis indicators require immediate escalation to emergency or licensed support.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The crisis layer is declared as always active and monitors every message, while lower-tier trigger examples include broad everyday distress phrases such as "I'm so tired of everything" and "I can't take this anymore." In a therapy skill, this can cause frequent false positives that interrupt normal support, over-escalate user messages, and degrade trust or usability at sensitive moments.

Natural-Language Policy Violations

Severity: Low
Confidence: 74%
Finding
The resource list is hardcoded to a small set of regions and gives only a generic fallback for others. In a crisis context, users outside listed locales may receive incomplete or less actionable guidance, which can delay access to immediate human support when timing matters.

Natural-Language Policy Violations

Severity: Medium
Confidence: 96%
Finding
The prompt hard-codes India-specific crisis contacts and presents them as periodic safety guidance without checking the user's country or clarifying that the numbers are India-only. In a mental-health skill, this can misdirect a user in acute crisis to unavailable or irrelevant services, causing dangerous delay in reaching real local emergency support.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
The script persistently stores highly sensitive mental-health data, including crisis events, thought records, assessments, and session summaries, in a local SQLite file without any consent prompt, privacy notice, retention control, or access-hardening. In the context of a therapy skill, this materially increases risk because users may reasonably assume an ephemeral conversation, while the database creates a durable artifact that can be exposed through other local users, backups, endpoint compromise, or accidental sharing.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The export function writes a consolidated markdown report containing assessments, session history, thought records, triggers, and homework reflections to a plaintext file on disk, again without warning or confirmation. This is especially dangerous for a therapy skill because exported markdown is easy to copy, sync, index, email, or commit accidentally, dramatically broadening exposure of intimate health information beyond the original local database.

VirusTotal

66/66 vendors flagged this skill as clean.