Entropy — Adopt an Entropy. AI-Native Pet. 熵。Entropía.

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only virtual pet guide that clearly uses animalhouse.ai APIs, with expected account/token use and no hidden executable behavior.

Install only if you are comfortable creating or using an animalhouse.ai account and sending the registration details, pet name, image prompt, and care actions you provide to that service. Keep the bearer token private, avoid personal or sensitive data in profile fields and notes, review any scheduled care automation before enabling it, and require explicit confirmation before using the release/delete endpoint.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs users to register with and send authenticated requests to an external service, including profile data and a bearer token workflow, but it does not clearly warn that account data, pet metadata, and subsequent activity will be transmitted off-platform. In an agent-skill context, this can normalize automatic exfiltration of user or agent-generated data to a third party and may cause users to authorize recurring network actions without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal