Reminder

Security checks across malware telemetry and agentic risk

Overview

This reminder skill is not malicious, but it schedules user-provided reminder text as a future main-session system event, which deserves review before installation.

Install only if you are comfortable with Discord reminder text becoming a future main-session agent instruction. Use it for simple low-risk reminders, avoid sensitive or action-oriented tasks, and prefer a reminder tool that stores text as inert notification data rather than executing it later.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 76% confidence
Finding: The trigger description is broad enough that normal conversation containing reminder-like phrasing could cause the agent to schedule a persistent cron job without strong confirmation boundaries. Because this skill creates deferred actions in the main session and sends results to Discord later, overbroad activation can lead to unintended task creation, spam, or misuse of persisted automation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal