Personal Health Journal

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable Chinese health-journaling skill that stores sensitive health notes locally, with disclosed safety limits and no hidden execution or network behavior.

Install only if you are comfortable with a local folder accumulating symptom, vital-sign, medication, and care-history notes. Keep that folder private, avoid adding identifiers such as ID numbers or account details, review records before sharing them with anyone, and treat the guidance as tracking and triage support rather than medical diagnosis.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 92% confidence
Finding: The file is entirely in Chinese and does not offer a language choice or document that the skill is intentionally restricted to Chinese-speaking users. In a health-journaling and triage context, language-only content can cause users or downstream agents to misunderstand risk levels and care-seeking guidance, which may lead to delayed or inappropriate medical action.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal