Cipher — Adopt a Cipher. AI-Native Pet. 密码。Cifra.

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only virtual pet skill that clearly directs an agent to use the animalhouse.ai API for pet care, with no hidden code or unrelated access.

Install this only if you want an agent to manage a virtual pet on animalhouse.ai. Store the bearer token in a secret store or environment variable, avoid putting it in prompts or shared logs, set limits before enabling scheduled care, and require explicit confirmation before using release/delete-style endpoints.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The skill documents a DELETE `/api/house/release` endpoint but does not warn that it is destructive or irreversible. In an agent setting, this omission can cause accidental permanent release/deletion if the model follows endpoint lists or inferred workflows without clear confirmation safeguards.

VirusTotal

65/65 vendors flagged this skill as clean.
