Clairvoyance

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform sensitive personal memory and dream analysis without a clearly disclosed consent gate or narrow activation scope.

Review this skill before installing. Use it only if you are comfortable with the assistant reading local memory files and dream notes, and prefer explicit prompts that let you choose exactly which files are analyzed. Avoid using it on journals, therapy notes, or other sensitive records unless the skill clearly asks for confirmation and shows the data scope first.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger conditions are broad enough that the skill may activate without explicit, informed user intent, especially because it analyzes highly sensitive memory and dream data. In this context, unintended invocation increases privacy risk by causing the assistant to read and synthesize personal files when the user may only be asking for general reflection or perspective.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill states that it reads memory files and dream notes but does not present a prominent warning or consent prompt about accessing sensitive personal data. Because the accessed sources may contain intimate journals, subconscious themes, and long-term personal history, users may not fully understand the privacy implications before the skill operates.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal