Security audit

Brand Butler Webinar Warrior

Security checks across malware telemetry and agentic risk

Overview

This is a conversational webinar-marketing skill with aggressive sales guidance, but no code, install scripts, persistence, credential use, file writes, or network actions.

Install only if you want a conversion-focused webinar copy and strategy assistant. Review generated emails for brand safety, avoid shame-based or false-scarcity language, and add your own legal/compliance checks for email, SMS, tracking pixels, retargeting, privacy notices, consent, and opt-outs before using the outputs in a real campaign.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 95%
Finding:
The skill description contains very broad auto-trigger conditions such as 'use this skill immediately' for many common marketing, presentation, launch, and sales-related requests. This can cause the skill to activate in situations where the user did not explicitly request it, leading to inappropriate routing, reduced user control, and possible prompt-scope hijacking of unrelated conversations.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The file explicitly instructs the user to 'hit harder,' 'close harder,' apply identity pressure, and use hard-close scarcity tactics without any balancing guidance on truthful claims, consent, recipient welfare, or brand/reputation risk. In a skill designed to autonomously generate webinar sales emails, this can directly operationalize manipulative messaging patterns at scale, increasing the risk of deceptive marketing, complaints, and trust erosion.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The guidance encourages collecting replies, self-selection data, and segmentation inputs ('Hit reply. Tell me which one.') but provides no instruction on notice, minimization, storage, or lawful handling of personal data. Because this skill is intended to drive lead generation and conversion workflows, it can normalize gathering behavioral and preference data without privacy disclosures or downstream handling controls.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.