Security audit

Schopenhauer Wisdom

Security checks across malware telemetry and agentic risk

Overview

This appears to be a low-risk wisdom/philosophy skill with only a minor activation-scope concern and no evidence of malware, hidden persistence, credential access, or destructive behavior.

Install if you want this skill available for explicit Chinese-language wisdom/philosophy prompts. If your agent auto-activates skills from natural language, prefer invoking it deliberately so ordinary discussion about the phrase does not route into the skill unintentionally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill declares a very broad natural-language activation phrase ("加载人生的智慧") that could be triggered during ordinary discussion about loading or using this skill, rather than through a clearly namespaced command only. In agent environments where user text is continuously parsed for skill activation, this can cause unintended invocation, context switching, or execution of skill-defined behavior without the user explicitly intending to activate it.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal