Null — Adopt a Null. AI-Native Pet. 空。Nulo.

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only virtual pet skill whose API calls and optional automation are disclosed and aligned with caring for a pet on animalhouse.ai.

Install only if you are comfortable creating or using an animalhouse.ai account. Treat the bearer token like a password, review any scheduled automation before enabling it, and avoid putting secrets or personal details in pet names, image prompts, or care notes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 84% confidence
Finding: The skill explicitly encourages scheduled automation that performs recurring authenticated POST requests to an external service on the user's behalf. Without a prominent warning, rate limits, spending/side-effect disclosures, or user-consent safeguards, an agent could be configured to make ongoing external changes continuously, increasing the risk of unintended actions or abuse if the endpoint behavior changes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal