Xiao Chuang You

Security checks across malware telemetry and agentic risk

Overview

This is a coherent lifestyle assistant, but it deserves review because it broadly auto-activates, stores personal wellness/location context, and declares a recurring background memory-check task.

Install only if you are comfortable with a broad lifestyle assistant that may activate on ordinary requests, query external weather/search services, and keep personal context in workspace memory files. Review or disable memory and the monthly cron behavior where possible, and treat all sleep, diet, acupressure, pet-care, and emotion advice as general guidance rather than professional care.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (14)

Vague Triggers

Severity: High
Confidence: 91%
Finding
Several standalone keywords such as '茶', '音乐', '旅行', and '情绪' are semantically broad and may appear in many unrelated contexts. Without scope constraints, the router may activate this skill for general-purpose requests, reducing routing precision and increasing the risk of irrelevant or policy-misaligned responses.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
Several standalone keywords such as '茶', '音乐', '旅行', and '情绪' are semantically broad and may appear in many unrelated contexts. Without scope constraints, the router may activate this skill for general-purpose requests, reducing routing precision and increasing the risk of irrelevant or policy-misaligned responses.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill explicitly directs the agent to proactively collect and remember health-adjacent status data and location/city information, but does not require a clear user-facing notice, consent flow, or retention boundary before doing so. In a lifestyle and wellness skill, these details can become sensitive when combined over multiple turns, enabling profiling of a user's health condition, routines, and whereabouts without meaningful transparency.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The memory rules instruct the system to recall and reuse prior user details across conversations, including condition-related status and location context, without requiring a clear warning that data may persist across sessions. Persistent cross-session memory materially increases privacy risk because seemingly modest facts can be linked into a longitudinal profile of the user's habits, emotional state, and wellness concerns.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The activation keywords are broad and include common travel-related terms such as '出行', '旅行', '周边', and city names like '北京' and '杭州'. In a general assistant, this can cause unintended routing into this skill for ordinary user queries, producing overbroad activation, context hijacking, or inappropriate domain responses even when the user did not intend to invoke an aesthetics/travel module.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The activation keywords include very common sleep- and fatigue-related phrases such as “累”, “失眠”, and “睡不好”, which are likely to appear in ordinary conversation and can cause unintended invocation. In a broad lifestyle assistant, this increases the chance the module responds outside user intent, potentially surfacing sleep or health guidance when the user was speaking casually or about a different issue.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The activation list includes broad, common terms such as “调理” and “穴位”, which can cause the module to trigger on vague health-related queries that may not actually seek wellness guidance. In a health-adjacent skill, over-triggering is risky because it can route users into advice involving body manipulation or traditional remedies when they may need clearer triage or professional medical guidance.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The activation keywords include very common daily terms such as “热”, “冷”, and weather-related words that frequently appear in unrelated conversations. This can cause the skill to trigger unintentionally, leading to scope overreach, confusing user experience, and possible invocation in contexts where the user did not intend to request this module.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The activation list includes very common terms such as “宠物”, “猫”, and “狗”, which are likely to appear in ordinary conversation and can cause the module to trigger unintentionally. In a broad lifestyle skill with many overlapping open-ended triggers, this increases routing ambiguity and may cause pet advice to be applied when the user did not intend to invoke this module.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The activation keywords are broad, common emotional terms such as '情绪', '心情', '压力', and '内心', which can easily appear in ordinary conversation outside the intended skill scope. This increases the chance of unintended routing into a module that gives quasi-wellness or mental-health-style guidance, creating reliability and safety risks, especially around sensitive emotional states like anxiety or depression.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The activation terms include very generic words such as “做”, “材料”, and “DIY”, which are common in normal conversation and can cause the skill to trigger outside its intended handcraft domain. This increases the chance of unintended routing, policy bypass through misclassification, and confusing or unsafe responses if the handcraft module handles requests it was not designed for.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The activation terms include very generic words such as '诗', '词', '读书', '文学', and '阅读', which are common in ordinary conversation and can cause the skill to trigger when the user did not intend to invoke this module. In this skill, that mainly creates routing and response-quality problems rather than direct security compromise, but it still increases the chance of unintended handling of user input across contexts.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The activation terms are numerous and fairly generic within the broader skill ecosystem, increasing the chance that unrelated user queries about clothing, color, or recommendations could trigger this module unintentionally. This can cause scope bleed, misrouting, and lower-quality or context-inappropriate responses, though it does not by itself create direct code execution or data exfiltration risk.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The activation keywords include very broad everyday phrases related to food and wellness, which can cause the skill to trigger on ambiguous user requests that were not intended for this module. In an agent setting, overbroad routing increases the chance of misfires, inappropriate responses, and policy bypass through unintended invocation paths, even though the content here is not overtly malicious.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal