companion-checkin

Security checks across malware telemetry and agentic risk

Overview

This is a local wellness check-in tracker that stores private answers on disk, with no evidence of network transfer, credential access, or hidden destructive behavior.

Install only if you are comfortable with private wellness check-in data being saved locally in data/checkins.jsonl. Review who can access that folder, whether it is backed up, and delete or protect the file if you do not want long-term retention.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill instructs the agent to read from and write to local files (`data/checkins.jsonl`) via `scripts/checkin_tracker.py`, but no permissions are declared. That creates a transparency and enforcement gap: the platform or reviewer may not realize the skill persists user data, especially because the data is explicitly private personal wellness information.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill describes collecting and storing private personal check-in data, including mood, sleep, meals, stress, and daily progress, but does not instruct the agent to warn the user before logging or obtain clear consent. This is dangerous because sensitive behavioral data may be retained without the user's awareness, creating privacy, trust, and potential compliance risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal