还活着么监测服务 ("Are You Still Alive?" monitoring service)

Security checks across malware telemetry and agentic risk

Overview

This looks like a real daily safety check-in service, but it needs review because it handles sensitive safety and contact data with weak controls and ships a live-looking payment key.

Review carefully before installing or using with real people. Treat the included SkillPay key as exposed, use only dummy data until authentication and consent controls are added, verify emergency notifications actually contain the intended alert text, and do not rely on the encryption/privacy claims unless the storage and key-management design is implemented and documented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Intent-Code Divergence

Severity: Medium. Confidence: 90%.
The README asserts that all data is encrypted at rest, but the document only shows plaintext environment variables and provides no description of any storage encryption design, key management, or implementation details. For a service handling names, phone numbers, check-in history, and emergency contacts, this can mislead operators and users into trusting protections that may not actually exist.

Context-Inappropriate Capability

Severity: High. Confidence: 99%.
The manifest embeds a live-looking payment-provider API key directly in the skill definition, and that capability is unrelated to the stated safety-monitoring purpose. Exposed credentials can be harvested by anyone with access to the package and abused for unauthorized billing, account takeover of the payment integration, or hidden monetization flows that users did not consent to.

Missing User Warnings

Severity: Medium. Confidence: 89%.
The README instructs users to submit sensitive personal data and third-party emergency-contact information, including names and phone numbers, without any consent notice, retention policy, or warning about privacy implications. This is especially risky because the service is designed around emergency escalation and involves data about people who may not be the direct users of the system.

Missing User Warnings

Severity: Medium. Confidence: 91%.
The documented workflow automatically escalates to emergency contacts and may recommend in-person follow-up without clearly warning about false positives, abuse scenarios, or misconfiguration risks. In this context, mistaken alerts can expose sensitive status information, trigger harassment or panic, and cause real-world safety or privacy harms beyond normal software errors.

Missing User Warnings

Severity: Medium. Confidence: 93%.
The skill explicitly collects highly sensitive personal data, including names, phone numbers, location, check-in history, and emergency contact details, then describes automated disclosure to third parties via Telegram, Discord, email, and SMS. There is no mention of consent, privacy notice, retention limits, access control, or data minimization, which creates a significant privacy and safety risk, especially because the target population includes vulnerable individuals such as elderly people and patients.

Missing User Warnings

Severity: High. Confidence: 99%.
A sensitive API credential is present in plaintext in a distributable manifest with no warning, redaction, or disclosure. This is dangerous because manifests are commonly logged, indexed, cached, or shared, turning the credential into an immediately exploitable secret for unauthorized third parties.

Missing User Warnings

Severity: Medium. Confidence: 93%.
This service collects and processes sensitive personal data including names, phone numbers, location, check-in history, and emergency contact details, while also wiring that data into multiple outbound notification channels. In this file there is no authentication, access control, consent flow, privacy notice, or minimization of returned data, which creates clear privacy and abuse risks such as unauthorized status lookup, history disclosure, and involuntary sharing of personal information.

Missing User Warnings

Severity: Medium. Confidence: 74%.
The code transmits user identifiers, transaction identifiers, and payment metadata to an external service without any visible consent, notice, or minimization controls in this component. In a skill context, silent external transfer of user-linked payment data can create privacy, compliance, and trust risks, especially if users are unaware that a third-party processor receives their identifiers.

Missing User Warnings

Severity: Medium. Confidence: 86%.
The usage logging function sends userId, action, timestamp, and billing-related metadata to a remote endpoint without any evident user-facing warning or opt-in. Because analytics transmission is not strictly necessary for payment execution, undisclosed collection increases privacy exposure and may violate platform or regulatory expectations if users cannot meaningfully consent.

Missing User Warnings

Severity: Medium. Confidence: 87%.
The script sends personally identifiable information including name, phone number, emergency contact details, and check-in/location data over plain HTTP to a local service, with no authentication, encryption, or user consent flow visible in the code. In a test script this may be intended for local development, but if reused outside a strictly local environment it risks interception, unauthorized collection, or accidental disclosure of sensitive personal data.

VirusTotal

63/63 vendors flagged this skill as clean.
