Parent Control

Security checks across malware telemetry and agentic risk

Overview

This parental-control skill describes invasive monitoring and remote device-control features, but its controls, consent model, data handling, and implementation are not sufficiently disclosed.

Review before installing. Only use it on a device you legally administer, obtain consent where required, inspect the full source package first, verify strong authentication for the management UI, confirm exactly what data is emailed or stored, and make sure there is an emergency unlock and uninstall path.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill advertises continuous process monitoring, website blocking, remote lockscreen control, email reporting, and admin-level host file modification, but the warning section only gives a light recommendation to inform the monitored person and a broad claim that no sensitive information is collected. That combination creates a real transparency and consent risk because users may deploy invasive supervision and system changes without clear notice of privacy, monitoring, and device-control implications.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal