龙虾的小家园 — Desktop Pet

Security checks across malware telemetry and agentic risk

Overview

This is a real desktop pet, but it quietly adds local profile-file reading and several online data flows that users would not expect from the description.

Review before installing. Use this only if you are comfortable with a desktop app that downloads remote assets, makes background network requests, reads nearby IDENTITY.md/USER.md files, stores state in ~/.nbw_pet_save.json, and may send chat content plus pet/profile context to a third-party AI service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (8)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill documentation declares no permissions, yet the associated behavior indicates file read, file write, and network capabilities. That mismatch prevents informed consent and proper sandboxing, and it becomes more concerning in a desktop-pet context because those capabilities are not obviously necessary from the user-facing description.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 98% confidence
Finding: This is a serious description-behavior mismatch: a simple desktop pet is presented, but the underlying behavior reportedly downloads assets, scrapes local identity-related files, fetches external content, stores data, and sends chat messages plus pet history to a remote AI service. In the context of a casual desktop pet, reading local files and exfiltrating user content to a third-party endpoint is especially dangerous because users would not reasonably expect surveillance or data transfer.

Description-Behavior Mismatch

High

Confidence: 96% confidence
Finding: The skill is presented as a local desktop pet, but on startup it silently downloads remote assets and later performs additional network requests. That mismatch breaks user expectations and creates supply-chain and privacy risk, especially because remote content can change over time and is fetched without integrity verification or explicit consent.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The code scrapes hot-search/news content from Weibo, which is not necessary to deploy or run a desktop pet. Unrelated network collection expands the attack surface, leaks usage metadata to third parties, and introduces untrusted remote content into the UI without clear user awareness.

Context-Inappropriate Capability

High

Confidence: 97% confidence
Finding: The script adds remote LLM chat through vibe.deepminer.ai even though the skill description only advertises a local desktop pet. User messages and contextual pet state are transmitted externally, creating privacy and data-sharing risk that is not disclosed by the manifest.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The code reads local IDENTITY.md and USER.md files to extract a name and preferred form of address, even though those files are unrelated to core desktop-pet operation. Accessing local profile data without clear disclosure violates least surprise and can expose personal information to the application and, indirectly, to later remote features.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The script reads local user/profile files without a user-facing warning, despite those files potentially containing personal identifiers. In this skill context, that is more concerning because the data is not needed for a basic desktop pet and may later be incorporated into prompts or UI output.

Missing User Warnings

High

Confidence: 99% confidence
Finding: Conversation content is sent to a remote AI service without a clear warning that chat text leaves the device. Because the program also gathers local personalization data and pet-state context, users may unknowingly share personal or sensitive information with an external processor.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal