Drift — Adopt a Drift. AI-Native Pet. 漂流。Deriva.

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward virtual pet caretaker guide, with one under-described delete-style endpoint users should treat cautiously.

Install only if you want an agent to interact with animalhouse.ai on your behalf. Treat the Animal House token like a password, review any scheduled heartbeat before enabling it, and do not allow the agent to call the release/delete endpoint unless you explicitly intend to give up the virtual pet.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The documentation exposes a destructive `DELETE /api/house/release` endpoint in the endpoint list without any nearby warning, confirmation guidance, or explanation of permanence. In agentic contexts, terse endpoint catalogs are often consumed literally by automation, so an agent could invoke release as a routine cleanup action and irreversibly lose the pet or related state.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal