Driftling Buddy

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local companion skill that stores buddy progress locally, with privacy considerations but no evidence of exfiltration, deception, destructive behavior, or unrelated authority.

Install only if you want a persistent companion that remembers activity-derived notes across sessions. Review or redirect BUDDY_STATE_FILE, and avoid putting sensitive personal, client, or secret information into buddy context because those notes can be saved locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Tainted flow: 'STATE_FILE' from os.environ.get (line 78, credential/environment) → pathlib.Path.write_text (file write)

Medium
Category
Data Flow
Content
def save_state(state: dict) -> None:
    STATE_FILE.write_text(json.dumps(state, ensure_ascii=False, indent=2), encoding="utf-8")


def add_to_collection(theme: str, name: str, custom_profile=None, context: str = "") -> dict:
Confidence
93% confidence
Finding
STATE_FILE.write_text(json.dumps(state, ensure_ascii=False, indent=2), encoding="utf-8")

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill persistently stores unlocked buddies, main selection, and especially free-form activity/context fields in a local state file, but the manifest presents the skill mainly as a companion-rendering experience. That creates a data minimization and privacy mismatch: user behavior notes may be retained longer than expected and exposed to other local users or processes.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The register command accepts arbitrary JSON profile data and a free-form context string from the caller, then persists them to disk with no schema enforcement or sensitivity filtering. This enables storage of arbitrary user notes or unexpected data well beyond the stated companion purpose, increasing privacy risk and potentially bloating or poisoning local state.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes broad natural-language phrases such as "enable buddy mode," "be my coding buddy," and similar conversational requests that could plausibly appear in ordinary dialogue. Ambiguous activation can cause the skill to engage unexpectedly, altering agent behavior, introducing unintended persistence or memory features, and creating opportunities for prompt-routing abuse or user confusion.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The activation rules allow the buddy to appear on many ordinary tasks once enabled, creating broad ambient invocation from routine conversation. Overly broad triggers can cause unintended processing and persistence of user activity beyond what the user expected when they first invoked the feature.

Vague Triggers

Medium
Confidence
89% confidence
Finding
This section maps a very wide range of user behaviors to pool creation or unlock logic and even says the mapping is not exhaustive. That makes the scope of collection and reaction ambiguous, encouraging the system to treat nearly any behavior as signal for tracking, persistence, or reward generation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs automatic storage of names, habits, memories, obtained context, and other session-derived history without a clear notice or consent step. Because these entries can reflect personal routines and work habits, silent persistence creates a privacy risk even if the data remains local.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The code writes persistent state automatically without any clear disclosure at the point of use. In this skill's context, that is mainly a privacy and transparency issue: users may not realize their interactions, unlocks, or context notes are being saved locally.

Ssd 3

Medium
Confidence
92% confidence
Finding
The design intentionally stores diary-like memories and contextual notes tied to the user's activities across sessions. Even without exfiltration, retaining this level of behavioral history can expose sensitive work patterns, routines, or personal context to later local access or accidental disclosure.

Ssd 3

Medium
Confidence
90% confidence
Finding
The skill repeatedly tells the agent to observe repeated habits, infer themes from user behavior, and use those patterns as persistent input to progression. This creates a profiling mechanism over ordinary activity, which is more sensitive than simple ephemeral personalization because it accumulates over time.

VirusTotal

59/59 vendors flagged this skill as clean.
