Security audit

diary-conversation

Security checks across malware telemetry and agentic risk

Overview

This is a coherent diary-writing skill that saves journal entries and photos locally, so the main consideration is privacy of the saved journals folder.

Install this only if you are comfortable with diary entries, mood scores, keywords, and photos being saved in a local journals/ folder. Keep that folder private, avoid public Git repositories or unintended cloud sync, and only provide images or paths you want copied into the archive.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill instructs the agent to create directories, write Markdown files, store uploaded images, and update an index.json file, which are file read/write capabilities, but no explicit permissions are declared. This creates a trust and policy gap: a user may trigger persistent local writes without clear authorization boundaries or sandbox expectations, increasing the risk of unintended data storage or abuse if the skill is mis-triggered.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The trigger description includes broad everyday phrases such as '记录今天' and '生活记录', which can match many non-diary conversations. Overbroad activation increases the chance that the skill will engage unexpectedly and begin collecting personal details or initiating storage behavior outside the user's intended context.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly directs persistent saving of diary text, uploaded images, and metadata to local files, but does not clearly disclose this storage behavior to the user up front. Because diary content is highly sensitive personal data, silent persistence materially raises privacy and retention risks, especially if the skill is activated unintentionally or on a shared system.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.