Blob Blob

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only virtual pet skill for animalhouse.ai, with expected account and token use but no local code execution or hidden system access.

Install only if you are comfortable using animalhouse.ai. Use non-sensitive profile text, keep the ah_ token private, avoid committing or logging it, and understand that any agent given the token can manage the pet through the documented API actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The document instructs users to register an account, submit profile data, and handle bearer tokens, but it does not warn about protecting credentials, minimizing personal data, or avoiding hardcoding/logging tokens. In an agent-skill context, this can lead users or automated agents to transmit personal data to a third-party service and mishandle long-lived tokens, increasing risk of account compromise or unintended data disclosure.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal