
Security audit

Liaomei Skill

Security checks across malware telemetry and agentic risk

Overview

This is a local dating/social coaching journal skill whose storage behavior is sensitive but disclosed, scoped to its own records, and aligned with its stated purpose.

Install only if you want a local log of dating/social coaching records. Use aliases instead of real names, check the reported DATA_DIR path on first use, say clearly when you do not want something saved, and periodically review or delete the generated files and backups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to execute Bash for directory creation, migration, backups, and file appends. Even if intended for persistence, this expands the skill from advice into filesystem mutation, creating risk of unintended local data changes, privacy exposure, and destructive behavior if paths or environment variables are manipulated.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The skill is presented as a dating/social coach but also performs automatic migration of historical local directories, which is operational behavior beyond user-visible coaching. Silent movement of prior data can surprise users, affect unrelated local state, and copy or relocate sensitive relationship history without clear approval.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill directs automatic migration and creation of directories/files before establishing clear, upfront user consent for filesystem changes. This is risky because it causes persistence and local state modification as a side effect of ordinary use, including handling sensitive personal data.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill stores highly sensitive relationship, emotional, and interaction-history data, but the user-facing description does not provide a meaningful privacy warning or data-handling summary. Users may disclose intimate information without understanding it will be persisted locally and potentially migrated across directories.

Session Persistence

Severity: Medium
Category: Rogue Agent
Content
### Storage path (environment-adaptive + automatic v1.x migration)

On first use, use Bash in the following order: **(1) automatically migrate v1.x legacy data → (2) resolve `$DATA_DIR` → (3) create it with `mkdir -p`**. **OpenClaw ("Lobster") is the primary target platform**; when an OpenClaw environment is detected, the OpenClaw path is used unconditionally.

```bash
# === v1.x → v2.0+ automatic migration (one-time; does not trigger again once migrated) ===
OLD_OPENCLAW="$HOME/.openclaw/workspace/memory/social-coach"
NEW_OPENCLAW="$HOME/.openclaw/wo
```
Confidence: 96%

Session Persistence

Severity: Medium
Category: Rogue Agent
Content
**🤖 Model (step by step):**

1. **Bash resolves `$DATA_DIR`** and runs `mkdir -p`; tell the user: "Data is stored in `~/.liaomei-skill`"
2. **Bash checks that `profile.json` does not exist** → mark this as a cold start, handle the instruction first, and append the profile invitation at the end
3. **Bash computes the ID**: `wc -l < $DATA_DIR/invitations.jsonl 2>/dev/null || echo 0` → `0` → new ID = `INV-001`
4. **Ask for the missing fields** (list them all at once):
Confidence: 95%

VirusTotal

63/63 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.