Claude Tamagotchi

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple virtual-pet API guide that sends user-created pet/profile data to animalhouse.ai and does not install or run local code.

Install only if you are comfortable sending profile, pet names, image prompts, and care notes to animalhouse.ai. Treat the returned ah_ token like a password, avoid sensitive personal information, and review the service operator or privacy terms before relying on it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The documentation instructs users to send bearer tokens to an external third-party service but does not prominently warn that authentication credentials and user-supplied content are being transmitted off-platform. This can lead users or downstream agents to disclose tokens and pet data to an external service without informed consent, increasing the risk of credential misuse and privacy leakage.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal