Security audit

You Inc Life Ops

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate life-management skill, but it needs review because it persistently stores sensitive personal details and can automatically use other skills to access or change private notes, calendars, health data, and email.

Install only if you are comfortable with a local life-ops agent keeping persistent memories about health, emotions, relationships, finances, and work habits. Before use, require explicit confirmation before any health/email/calendar/Obsidian access, disable or narrow memory writes for sensitive topics, remove the hard-coded vault path, and review dependent skills separately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (22)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The file explicitly instructs the system to persist dated emotion records, triggering events, cognitive distortions, and current mental state in CONTEXT/. That creates longitudinal mental-health profiling beyond immediate assistance, which is highly sensitive and can be misused, over-retained, or exposed if memory is accessible to other agents or later sessions.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The orchestrator is instructed to persist user conversation details into CONTEXT files after each dialogue, which expands a routing layer into a personal data retention system without clear necessity, minimization, or user consent. In this skill’s context, the data may include mental health, relationship, financial, and crisis-related information, making even summary storage privacy-sensitive.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Cross-department synchronization allows sensitive personal information gathered in one context to propagate to multiple agent roles, increasing both exposure and misuse risk beyond the original purpose of collection. Because this system spans health, psychology, finance, relationships, and life planning, lateral spread of user data materially raises privacy and confidentiality risk.

Vague Triggers

High
Confidence
95% confidence
Finding
The skill is described as a broad life-management system that should trigger from semantic understanding across many ordinary user needs, which makes accidental activation likely. In context, that broad scope is especially risky because activation can lead to file creation, memory updates, persona changes, and downstream use of sensitive external tools without a clearly bounded trigger surface.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation conditions rely on ambiguous phrases like life operations or agent names, which are plausible in normal conversation and can cause the skill to engage unintentionally. Because this skill changes behavior, loads personas, and may persist data, ambiguous activation expands the chance of unauthorized or surprising actions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The initialization and workflow instruct the agent to create directories, copy reference files, and write data back into workspace and memory logs, but the user-facing description does not clearly warn about these persistence behaviors. This is dangerous because users may unknowingly grant the skill long-term storage over sensitive personal data in a life-management context.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill declares automatic integration with external tools that can access highly sensitive health, calendar, notes, and email data, yet it provides no clear privacy warning or consent model. In this context, the danger is elevated because the skill is a centralized personal-ops orchestrator, so a broad range of intimate data could be aggregated and acted upon across domains.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The instruction to switch personas without notifying the user reduces transparency about which rules, tone, and decision logic are currently active. In a system handling emotional support, health, productivity, and crisis scenarios, hidden mode changes can mislead users about the nature of the advice and whether persistence or external actions may follow.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly states it will 'call past memories to give advice' in a highly sensitive domain: intimate relationships. That creates a real privacy risk because users are not warned when prior personal information about partners, family, or conflicts may be retrieved and reused, which can surprise users, expose sensitive relationship data, and increase harm if the recalled context is inaccurate or overly intrusive.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list includes broad crisis terms like '崩溃' and especially suicide-related phrases such as '想死' and '活不下去', but provides no scope checks, ambiguity handling, or escalation safeguards. In a life-operations skill, this can cause unsafe automatic takeover in benign contexts or, worse, route genuine self-harm disclosures into a rigid command-style flow instead of appropriate emergency, human, or clinically safer support.

Natural-Language Policy Violations

Medium
Confidence
86% confidence
Finding
The mandated tone is '冷酷且理性', '像在下军令', and explicitly '不安慰、不分析、只行动', removing user-sensitive adaptation during crises. In the context of emotional collapse, hospitalization, or suicidal ideation, a coercive and non-supportive style can intensify distress, reduce trust, and discourage disclosure or help-seeking when empathetic crisis-safe language is most needed.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill directs storage of sensitive emotional and mental-health records without any notice that the data may persist, be reused, or be visible across the system. In a personal-life operations skill, users are especially likely to disclose intimate crisis information, so silent persistence materially increases privacy and safety risk.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The escalation rule hardcodes a China-specific hotline and Chinese-language crisis content without checking the user's country or offering alternatives. In a crisis setting, incorrect or inaccessible regional guidance can delay timely help and create a false sense that appropriate emergency support has been provided.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly uses accli to create real calendar events and stores productivity-history records in CONTEXT/, but it provides no user-facing notice, consent flow, or data-handling boundaries. In a personal life-ops skill, these actions can expose sensitive behavioral data and cause unintended modification of external systems, especially if scheduling occurs automatically based on natural-language intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly enables direct read/write access to the user's Obsidian Vault and says it can automatically generate and write notes without requiring any user confirmation. In a personal-life agent that semantically interprets user intent, this creates a real risk of unintended local file modification, note corruption, or persistence of sensitive content because writes may be triggered from ambiguous natural-language requests.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly references access to Apple Health data and calendar write/read capabilities, which are sensitive data domains and can affect the user's schedule. Although this may be functionally necessary for a health assistant, the file provides no privacy notice, consent expectations, or warning that recommendations and scheduling actions rely on real health and calendar data, increasing the risk of over-collection, surprise data use, or unintended calendar modification.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The routing logic relies on broad semantic interpretation of what the user 'really wants' and encourages inference from tone and context rather than clear trigger boundaries. In a multi-agent system that includes crisis, mental health, finance, and relationship functions, this can cause unintended activation of sensitive personas and over-collection or mishandling of intimate data.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The examples use ordinary phrases like being tired, wanting to relax, or not wanting to work as triggers for specialized agents, which creates a realistic risk of over-routing from casual conversation. In this skill, misrouting is more dangerous because certain agents address psychological distress, health, or intimate relationships, where incorrect assumptions can lead to inappropriate guidance or unnecessary data retention.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill explicitly stores conversation-derived information to CONTEXT files but provides no notice, consent, retention duration, or deletion mechanism. Given the skill’s scope over crisis response, mental health, health status, finances, and relationships, silent persistence creates a substantial privacy and compliance risk and may expose highly sensitive user histories across sessions.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The level-3 warning triggers are very broad and overlap with common, non-crisis life fluctuations such as temporary reduced exercise, irregular meals, or lower social activity. In a personal life-management skill that semantically routes users to agents, this can cause frequent false escalation, inappropriate crisis framing, and unnecessary intervention that may erode trust or distort downstream handling.

Missing User Warnings

High
Confidence
98% confidence
Finding
For level-1 crises, the protocol says to switch to a fallback persona and provide calm action guidance, but it does not explicitly instruct the user to immediately contact emergency services, crisis hotlines, trusted nearby people, or medical professionals. In a skill covering suicide/self-harm thoughts and acute medical emergencies, this omission is dangerous because it may delay real-world intervention during time-critical situations.

Ssd 3

Medium
Confidence
96% confidence
Finding
Persisting user-provided information across conversations and synchronizing it across departments creates a natural-language memory surface where sensitive personal facts can be recalled or exposed outside their original context. In a life-operations skill handling crisis, health, finance, and relationships, this materially increases the chance of privacy leakage, inappropriate personalization, and overbroad internal disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.