Family Cultivation Coach

Security checks across malware telemetry and agentic risk

Overview

This family planning skill is coherent, but it needs review because it asks for raw Feishu/Notion credentials and can persist, read, write, and push sensitive child and family records.

Install only if you are comfortable giving this skill ongoing access to a dedicated Feishu or Notion workspace for child and family records. Use a separate least-privilege integration, avoid pasting production secrets into normal chat, test with dummy data first, and confirm who receives pushes, what is retained, and how records and credentials can be deleted or revoked.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (24)

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding:
The template expands the skill from generating weekly family plans into a persistent external data system that stores child profiles, daily logs, reports, reviews, and long-term insights in Feishu. This creates unnecessary retention and broader processing of sensitive family and child data, increasing privacy, misuse, and breach risk beyond the minimally required scope.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The instructions tell the agent to save Feishu configuration and reuse it for future operations, which encourages persistent handling of app tokens, tenant identifiers, and table mappings. Persisting reusable credentials in agent memory or workspace creates a strong risk of secret leakage, cross-session reuse, and unauthorized access to the family's records if the environment is compromised or the agent later exposes them.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding:
The integration design substantially expands the skill from schedule generation into persistent behavioral logging, automated daily reporting, weekly reviews, and long-term trend analysis for a child and family. That creates a materially different data-processing scope than the manifest describes, increasing the chance of undisclosed collection, retention, and sharing of sensitive family data without informed consent.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding:
The design stores sensitive child and parent emotional states, behavioral observations, and difficulties over time, which are highly personal household data and potentially sensitive profiling information. Collecting and retaining this longitudinal data without clear necessity, minimization, retention limits, or consent controls raises privacy and misuse risks, especially for minors.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding:
Automated Feishu pushes and timed reminders transmit family schedule details and child-related updates outside the chat context, increasing exposure to unintended recipients, shared devices, or overbroad group distribution. Because these outbound messaging behaviors are not clearly disclosed in the skill description, users may not realize sensitive data will be pushed automatically.

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding:
This documentation materially expands the skill from generating family schedules into provisioning external Notion databases and persisting sensitive child and family records. That is a real security/privacy boundary change because it introduces long-term third-party storage of personal data, including minors' profiles, routines, emotions, and behavioral notes, which increases exposure if the integration is misconfigured or overused.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding:
The file instructs users to paste a raw Notion Internal Integration Token directly into chat, which is a reusable secret that can grant ongoing access to Notion content. Collecting API credentials through normal conversation is dangerous because chat logs, telemetry, transcripts, or later prompts may expose the token and enable unauthorized reads/writes to the user's workspace.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding:
The interaction rules require routine automatic reads and writes of historical family data on each conversation, including child profile, recent logs, weekly reviews, and insights. Continuous background access to sensitive records increases privacy risk, makes over-collection likely, and broadens consequences of prompt-trigger mistakes or account compromise.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding:
The configuration format explicitly stores a reusable Notion API key in the skill's saved configuration. Persisting bearer tokens in ordinary skill config creates a durable secret-management weakness: compromise of the skill, logs, backups, or config export could expose the token and allow continued access to Notion data.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding:
The skill declares that when users mention broad child-planning related phrases it 'must' trigger, but it does not define exclusion conditions or intent checks. This can cause inappropriate routing of unrelated conversations or files into a workflow that collects and stores sensitive child and family data.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding:
The skill says uploaded child info documents, schedules, or family routine files should also trigger the skill, but does not require checking why the file was uploaded. That creates a risk that sensitive uploaded documents are processed or persisted when the user intended a different task, increasing privacy exposure.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill collects detailed child profiles, family routines, daily records, and trends across sessions, and writes them to Feishu or Notion, but it does not present a clear privacy notice or consent flow. Because this is child and family data, the context makes the omission more serious than ordinary note-taking.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The template directs the agent to read prior child-profile records and return their contents for confirmation, but provides no privacy guardrails, identity verification, or minimization steps. In a parenting context, those records can contain sensitive child and family information, so reflecting them back in natural language can disclose personal data to the wrong requester or in the wrong context.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding:
The trigger rules allow broad phrases to cause reads, writes, report generation, and pushes, which can result in unintended data processing or action execution from ambiguous user input. In a family/child context, accidental logging or notification of sensitive information is particularly risky because the content concerns minors and household routines.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
Automatic future-event detection based on common language like dates, outings, or preparation words can misclassify ordinary conversation as actionable events and store or schedule reminders without clear user intent. This creates privacy and integrity risks by adding incorrect family activities, cancellations, or preparation reminders to persistent records.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The skill handles sensitive child and family data and pushes it into Feishu, yet the description does not warn users about storage, transfer, recipients, retention, or notification behavior. This lack of transparency prevents informed consent and can expose minors' routines, emotions, and family observations to third-party systems or unintended viewers.

Missing User Warnings

Severity: High
Confidence: 99%
Finding:
The setup instructions ask users to provide Feishu App ID, App Secret, App Token, table IDs, and recipient identifiers without any secure handling guidance, increasing the risk of credential leakage and downstream compromise of the Feishu app and stored family data. If these secrets are pasted into insecure channels or mishandled by the platform, an attacker could gain persistent access to records and push capabilities.

Vague Triggers

Severity: Medium
Confidence: 72%
Finding:
The trigger rules are broad enough that ordinary phrases about future dates, activities, or family planning could cause automatic writes to the temp_events database. In this skill context, unintended invocation is more dangerous because it is coupled to external persistence of family/minor data, so accidental records may be created or modified without meaningful user intent.

Missing User Warnings

Severity: High
Confidence: 96%
Finding:
Asking users to paste a Notion token without any warning about credential sensitivity or handling is a real security issue. Users may not understand that the token is equivalent to account-level API access for shared resources, and the lack of warnings increases the likelihood of unsafe disclosure and long-lived compromise.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The document describes automatic ongoing reads and writes to Notion but does not clearly warn users that their family records will be accessed and stored across conversations. In a skill handling child development data, lack of transparent notice and consent is dangerous because users may unknowingly expose sensitive personal, behavioral, and emotional information to a third-party system.

Ssd 3

Severity: Medium
Confidence: 95%
Finding:
The skill is designed to collect, persist, and reuse detailed child and family information, including uploaded documents and daily records, across sessions. Persistent handling of minors' data materially increases privacy risk, especially because the instructions emphasize automatic triggering and reuse but not minimization or explicit consent.

Ssd 3

Severity: Medium
Confidence: 96%
Finding:
The workflow instructs the skill to automatically write daily responses and generate or push reports without a fresh confirmation step. In a family-coaching context, those reports may contain sensitive information about a child, routines, emotions, or household habits, so automatic downstream disclosure increases the chance of accidental exposure.

Ssd 3

Severity: High
Confidence: 99%
Finding:
The Notion setup explicitly instructs the user to send an API key to the skill. Asking users to disclose credentials in natural language is a serious secret-handling flaw because the key could be logged, retained, reused improperly, or exposed to unintended systems.

Ssd 3

Severity: Medium
Confidence: 97%
Finding:
This workflow explicitly instructs the agent to retrieve stored child-profile data and display it back to the requester, creating a direct natural-language exfiltration path. Because the skill handles family and child information, the context makes this more dangerous: even routine confirmation can expose sensitive records without robust verification, least-privilege filtering, or need-to-know controls.

VirusTotal

65/65 vendors flagged this skill as clean.
