Security audit

Water Reminder

Security checks across malware telemetry and agentic risk

Overview

This is a simple hydration reminder skill with minor disclosed notes around optional daily logs and reminder suggestions.

Install this if you want hydration prompts or water-intake tracking. Before using tracking or recurring reminders, confirm whether you want daily memory logs created and make sure any schedule can be disabled later.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The skill description says it should be used when the user 'complains about being thirsty' or 'sets up a daily hydration schedule,' which are somewhat broad conversational situations rather than tightly scoped explicit invocations. This can cause the agent to trigger the skill in ordinary conversation without clear user intent, leading to unnecessary memory writes or unsolicited scheduling suggestions.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The proactive trigger 'You notice it's been a long time since they took a break' authorizes unsolicited activation based on ambiguous internal inference rather than a direct request. In context, this becomes more risky because the skill also instructs recording intake in daily memory and suggesting recurring reminders, which could lead to unwanted persistence or repeated nudges without clear consent.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal