Liudao Heritage

Security checks across malware telemetry and agentic risk

Overview

The skill appears to support managing family heritage records, with a caution that it may change persistent personal data.

Before installing, check that the skill only connects to the heritage database you intend to use, and ask the agent to preview any record changes before applying them. Avoid using it with shared or production family data unless the underlying system has proper login, permissions, backups, and a way to undo edits.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill documentation instructs the agent to add or edit database records without requiring explicit user confirmation, warning about persistence, or documenting authorization checks. In a skill that manages personal and family heritage data, this can lead to unauthorized or accidental modification of stored records, including private data, especially if an agent follows the instructions automatically.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal