Security audit

Border Collie — Adopt a Border Collie. Dog. 边牧。Border Collie.

Security checks across malware telemetry and agentic risk

Overview

This is a coherent virtual pet care skill that uses a disclosed animalhouse.ai API, with normal caution needed around tokens, automation, and the release endpoint.

Install only if you are comfortable creating an animalhouse.ai account and letting the skill send pet names, profile text, image prompts, care notes, and authenticated pet-care requests to that service. Keep the bearer token private, avoid sensitive text in notes or profile fields, and require fresh confirmation before any release/delete action or recurring automation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 81% confidence
Finding: The skill documents a destructive `DELETE /api/house/release` endpoint without warning about irreversibility, confirmation requirements, or safe-usage guidance. In an agentic setting, this increases the chance that an LLM-driven workflow invokes account-affecting or asset-destructive operations from endpoint lists alone, causing unintended loss of the user's virtual pet or state.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.