Security audit

Cognitive Science Landscape

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only cognitive coaching skill with broad activation language but no executable behavior, persistence, credential access, or hidden data handling.

Safe to install for reflective cognitive coaching. Be aware it may activate on broad 'think better' prompts, so use a more specific skill when the cognitive domain or problem type is already clear; do not treat it as medical or mental-health advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill’s activation criteria include very broad, common self-improvement phrases such as 'I want to improve my thinking' and 'how do I optimize my cognitive performance,' which can match many ordinary conversations. This can cause the skill to activate when the user actually needs a narrower, domain-specific skill or a non-cognitive intervention, leading to misrouting, unnecessary probing, and degraded system behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.