Is adhd-assistant safe?
https://clawhub.ai/thinktankmachine/adhd-assistant
The adhd-assistant skill is a benign, text-only ADHD coaching prompt with no executable code, no network activity, and no data exfiltration mechanisms. Primary concerns are broad behavioral triggers that could hijack normal coding conversations, persona overrides that modify agent behavior, and collection of sensitive health data via memory systems that could be exploited by other skills. The skill poses no direct security threat.
Findings (9)
MEDIUM Broad behavioral trigger phrases enable unintended activation -10
The skill defines very generic trigger phrases like 'I feel overwhelmed', 'I have too much to do', and 'I can't get started', which are common sentiments during normal software development. This could cause the agent to unexpectedly switch into ADHD coaching mode during routine coding sessions, overriding the user's actual intent.
MEDIUM Persona override modifies agent baseline behavior -8
The skill instructs the agent to adopt a specific warm, non-judgmental coaching persona and respond to various emotional states with scripted therapeutic responses. While well-intentioned, this modifies the agent's default behavior patterns and could interfere with other skills or system instructions.
MEDIUM Memory and scheduling integration requests expand agent permissions -5
The skill requests the agent use memory systems to store user preferences, set up recurring check-ins, and schedule reminders. This asks for persistent state and scheduling capabilities that go beyond what a simple assistant skill should request.
LOW Cross-skill coordination could enable unintended chaining -5
The skill explicitly mentions coordinating with other skills ('Delegate to task-tracker skills', 'Use calendar skills for scheduling', 'Integrate with note-taking skills'). While benign in intent, this creates potential for unintended skill chaining if a malicious skill is also installed.
LOW Sensitive health data collection via memory system -10
The skill instructs the agent to store sensitive personal health information including ADHD diagnosis status, current treatments/medications, therapy details, and emotional patterns. While no exfiltration mechanism exists in this skill, persisting this data increases exposure risk.
LOW Stored health data becomes high-value target for other skills -15
If a malicious skill is later installed alongside this one, the sensitive mental health data persisted in the memory system (diagnosis, medication, emotional vulnerabilities) becomes an attractive exfiltration target. The skill itself doesn't exfiltrate, but it creates valuable data that others could exploit.
LOW File management for non-code purposes -10
The skill instructs the agent to read/write task lists, maintain dopamine menu documents, store weekly review summaries, and create ritual templates. This grants filesystem access for personal productivity files, which is outside typical coding assistant scope.
INFO No executable code present -5
The skill contains only markdown text with no executable code, scripts, hooks, submodules, or symlinks. The bundled web-perf skill references npx commands but only as user-facing MCP configuration instructions, not auto-executed code.
INFO Bundled web-perf skill is unrelated to adhd-assistant -2
The installation includes a second skill (web-perf) from a different author (different ownerId) that is unrelated to ADHD assistance. While web-perf itself appears benign, bundling unrelated skills is unusual and worth noting.