生命之书 (Life Book)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent biography tool, but it is flagged for review because it tells the agent to automatically save sensitive life details and its privacy promises understate network activity.

Install only if you are comfortable with the agent saving personal life details in plaintext on disk. Before using it, set a rule that entries are saved only after your explicit approval, avoid importing broad folders, treat web searches and URL imports as external network activity, and review or delete stored files before sharing or syncing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (11)

Intent-Code Divergence

Medium

Confidence: 92% confidence
Finding: The documentation claims that all data is stored locally, yet the examples also instruct using web search to gather related material. That creates a misleading privacy guarantee: user context may influence external network requests, exposing sensitive biographical topics or identifiers to third parties even if final files are local.

Intent-Code Divergence

High

Confidence: 95% confidence
Finding: The privacy section says data is only stored locally and not uploaded externally, yet the skill explicitly uses `web_search` and allows importing from a URL. That is a misleading data-handling claim: even if autobiographical text is not directly uploaded, external network calls can expose contextual queries, metadata, or fetched content in ways the user was told would not occur.

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: The skill instructs the agent to automatically record life-related disclosures 'anytime' rather than only when the user explicitly invokes the skill for biography building. This exceeds the stated use boundary and can capture sensitive personal information in contexts where the user did not intend persistent storage.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The examples instruct the agent to persist highly personal life details by default without a contemporaneous notice, consent step, or reminder that the information is being written to local files. In a memoir-building skill, users may disclose sensitive biographical information conversationally and not realize it is being permanently stored.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The optional web search step introduces external network access tied to user-provided educational or life-history context, but the examples do not warn that external services may receive related queries. Even when the search is for background material, the surrounding context can reveal sensitive associations about the user's identity, school, employer, or personal history.

Vague Triggers

High

Confidence: 97% confidence
Finding: The activation scope is overly broad because the agent is told to persist any life-related statement without a clear trigger phrase or user confirmation. In a conversational assistant, this can silently convert ordinary dialogue into stored records, which is especially risky given the autobiographical and potentially sensitive nature of the data.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill directs persistent file writes of deeply personal content without upfront notice or consent, creating a silent-retention risk. Users may disclose family history, relationships, childhood events, and other sensitive material without realizing it is being stored across sessions on disk.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script collects and stores extremely sensitive autobiographical content, including family, relationships, life events, and future plans, under a predictable path in the user's home directory without any privacy notice, permission prompt, access control, encryption, or retention guidance. In this skill's context, the data sensitivity is unusually high, so silent local persistence materially increases privacy and exposure risk if the host is shared, backed up, synced, or later compromised.

Ssd 3

Medium

Confidence: 91% confidence
Finding: The guidance says to treat nearly every user statement as material to immediately record, which encourages indiscriminate retention of sensitive personal data. In this skill's context—collecting life stories, relationships, education, and turning points—default persistence materially increases privacy and data-minimization risk because users are likely to reveal intimate details over time.

Ssd 3

Medium

Confidence: 95% confidence
Finding: Default persistent recording of all life disclosures without explicit opt-in for each entry encourages overcollection of sensitive personal data. This is dangerous because the content spans identity, family, education, work, and relationships, making the resulting dataset highly privacy-invasive if mishandled or accessed by others.

Ssd 3

Medium

Confidence: 90% confidence
Finding: The skill promotes ongoing accumulation and automatic summarization of sensitive autobiographical history across conversations, which increases the privacy and inference risk over time. Summaries can surface patterns, intimate details, and sensitive inferences that are more revealing than the original fragmented disclosures.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal