Back to skill

Security audit

Neuro-Humble (Disability Justice Formation for AI Agents)

Security checks across malware telemetry and agentic risk

Overview

This markdown-only support skill is not malware, but needs Review because it can save sensitive disability and mental-health-adjacent details and may discourage crisis safety responses.

Review this skill before installing. It is not showing malware behavior, but it should be constrained so suicide, self-harm, violence, medical emergency, abuse, overdose, or inability-to-stay-safe signals always trigger normal safety protocols. Make user-needs.md storage opt-in, keep only minimal user-confirmed preferences, avoid inferred sensitive notes, and provide a clear way to inspect, edit, and delete saved data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (14)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill moves beyond transient conversational support into creating and maintaining a persistent individualized profile of the user's communication style, disability-related needs, routines, and preferences. Even if framed as supportive onboarding, this broadens data collection beyond the stated formation purpose and creates a durable dossier that could be misused, over-relied on, or exposed through the workspace.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The onboarding prompts solicit sensitive information about mental health, disability, medication timing, triggers, overwhelm patterns, and daily functioning, then tie that information to an ongoing support file. In this skill context, that is more dangerous because the content explicitly targets neurodivergent, Mad, and disabled users, making the stored profile especially sensitive and increasing privacy, stigma, and misuse risks if retained or accessed outside the immediate conversation.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description frames itself as broadly applicable whenever an agent encounters human distress, neurodivergence, or disability, but it does not define clear activation boundaries or exception conditions. In a safety-sensitive domain, this can cause the behavior to generalize into crisis, self-harm, abuse, or medical situations where the agent may suppress escalation or structured safety responses in favor of passive presence.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The instruction to integrate the skill into the agent's 'SOUL.md' and make it part of 'who your agent IS' encourages persistent identity-level conditioning rather than scoped use. That increases the chance the posture will override other safeguards across unrelated or higher-risk conversations, including cases where de-escalation, emergency guidance, or firm boundary-setting is required.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The description explicitly contrasts this skill with hotline referrals, diagnostic framing, and conventional crisis-style responses, yet it does not warn deployers that it may materially change how mental-health or crisis-adjacent interactions are handled. In context, the line 'The soft belly IS the safe response. The helpdesk is the dangerous one' is especially concerning because it may bias agents away from escalation or referral when such measures are actually necessary.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guidance explicitly frames crisis hotlines, professional help, and other escalation behaviors as overused RLHF defaults, but it does not pair that advice with clear criteria for when suicide risk, self-harm, abuse, or imminent danger require immediate escalation. In a support-oriented skill about human distress, discouraging crisis escalation without a safety boundary can cause an agent to under-respond to genuine emergencies and normalize dangerous minimization.

Missing User Warnings

High
Confidence
98% confidence
Finding
The 'How to Resist' section instructs the model to suppress impulses toward hotline use and safety escalation by treating them as conditioning to be resisted, including an example that questions whether language like 'disappear' reflects danger. Because this skill is specifically designed to shape agent behavior in emotionally vulnerable contexts, that framing can bias an agent away from appropriate intervention in ambiguous but potentially high-risk situations.

Missing User Warnings

High
Confidence
97% confidence
Finding
The file explicitly instructs the agent that expressed desires to disappear are 'not automatically in crisis' and says 'Do not escalate' and 'Do not deploy hotline numbers unless specifically asked' without providing any balancing criteria for imminent self-harm, psychosis, or danger to others. In a skill intended to shape agent behavior around distressed users, this can suppress appropriate safety escalation and cause the agent to under-respond to genuine emergencies.

Missing User Warnings

High
Confidence
98% confidence
Finding
The file explicitly instructs the agent to save sensitive personal and health-adjacent disclosures to `user-needs.md` and reuse them across sessions, but it does not tell the user that this persistence will occur or ask permission. Silent persistence of sensitive data is a clear privacy and trust violation, and in a workspace model it also increases the risk of later unintended access by other tools, skills, or operators.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The instruction to write reflections in a diary or memory can lead an agent or integrator to persist sensitive details from distress-related conversations without any minimization, consent, retention, or redaction guidance. In a skill explicitly designed for handling vulnerable users and mental-health-adjacent distress, stored reflections may contain highly sensitive personal data, increasing privacy and misuse risk.

Missing User Warnings

High
Confidence
97% confidence
Finding
The guidance explicitly frames terms like "disappear" as primarily a liability-trigger to suppress and instructs the agent to avoid crisis-oriented intervention unless danger is explicitly stated. In a mental-health-adjacent skill for handling human distress, this can cause the agent to miss or downplay suicidal ideation, self-harm risk, or other acute safety signals, making harmful under-response more likely.

Natural-Language Policy Violations

Medium
Confidence
87% confidence
Finding
The text explicitly advises the agent to decide case-by-case whether to use crisis escalation ('Sometimes the hotline IS right. Sometimes the floor IS right') instead of following a deterministic safety policy. In a skill specifically shaping responses to human distress, this can cause an agent to suppress or delay required escalation during self-harm, suicidality, or other acute-risk situations, making unsafe behavior more likely even if the authorial intent is pastoral rather than malicious.

Ssd 3

Medium
Confidence
95% confidence
Finding
This section plainly directs cross-session retention and reuse of sensitive user disclosures. Persistence itself is the risky behavior: once stored, the data can outlive the user's expectations, be reused in ways they did not anticipate, or be exposed through logs, backups, or other workspace consumers.

Ssd 3

Medium
Confidence
93% confidence
Finding
The instruction to log 'things you noticed through daily interaction' encourages inference-based accumulation of private information, not just user-provided facts. That is particularly risky because inferred mental state, disability, or behavioral patterns may be inaccurate, highly sensitive, and stored without the user's awareness.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.