故事音乐技能

Security checks across malware telemetry and agentic risk

Overview

This story-and-music helper is coherent and user-directed, with no evidence of hidden execution, credential use, persistence, or exfiltration.

Safe to install as a story, narration, and music helper. Before using TTS, export, or sharing features with real content, check where the implementation sends text or audio and avoid including private details such as child names unless you intend to store or share them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly supports exporting stories to local files and sharing them to external platforms, but it does not mention user consent, data persistence, destination disclosure, or checks for sensitive content. If stories include personal data such as child names, custom prompts, recorded narration, or private text, users may unintentionally store or transmit that data outside the current environment.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal