Back to skill

Security audit

What At Home(家里有什么)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local home-inventory skill, with some accidental data-change risk but no evidence of hidden network, credential, or privileged behavior.

Install only if you are comfortable storing a local record of household belongings and their locations. Keep backup and export files private, and use delete or restore commands carefully because they change the saved inventory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The documented keywords are very broad everyday phrases such as item-finding and household-management language, without clear activation boundaries or namespacing. In an agent ecosystem, this can cause accidental invocation during normal conversation, leading the skill to access or modify household inventory data when the user did not explicitly intend to invoke it.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation advertises destructive commands such as deleting items and moving data-affecting content, but provides no warning, confirmation requirement, or recovery guidance nearby. This increases the chance of accidental or socially engineered data loss, especially because the skill manages persistent household inventory data and stores backups separately.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README advertises backup, restore, and export operations but gives no warning that restore can overwrite current state and that backup/export write files to the local filesystem. In an agent setting, users may invoke these natural-language commands without understanding their persistence and data-loss implications, increasing the chance of accidental destructive actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README documents destructive operations like deleting items and restoring backups, but it does not warn users that deletion may permanently remove records or that restore may overwrite the current data state. In a stateful local data-management skill, this omission can lead to accidental data loss through normal use, especially because the commands are natural-language and easy to invoke unintentionally.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The query/search trigger examples are broad natural-language phrases such as “我的XXX在哪?” and “找一下手机”, which closely overlap with ordinary conversation. In an agent environment, this can cause unintended invocation of the skill or accidental data disclosure about household inventory when the user was only speaking casually rather than intending to operate the tool.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The deletion phrase “把遥控器扔了” is semantically vague and lacks scope constraints, so ordinary conversational text could be interpreted as a destructive delete action. Because item names may be duplicated across locations, this ambiguity can lead to unintended or overbroad deletion of records, causing integrity loss in the household inventory dataset.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The restore function replaces the active data store with backup contents immediately once a filename is supplied, without any explicit user-facing confirmation, dry-run summary, or integrity validation of the backup content. In a conversational/agent setting, a mistaken, ambiguous, or induced restore command can destroy current state and cause irreversible data loss or rollback to stale data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.