Back to skill

Security audit

Akita — Adopt an Akita. Dog. 秋田犬。Akita.

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward guide for using an external virtual pet API, with routine cautions around account tokens, automation, and a release endpoint.

Install only if you are comfortable creating an animalhouse.ai account/profile and using a service token. Keep the token private, keep any automated care schedule under your control, and do not call the release endpoint unless you intentionally want to give up or delete the virtual pet state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill documents a DELETE `/api/house/release` endpoint but provides no warning that it is destructive or potentially irreversible. In an agent context, listing a destructive endpoint alongside normal operations can lead to accidental invocation, causing unintended loss of a user's virtual pet or account state.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.