A Mind for Numbers

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed study-help skill with no executable code, sensitive access, persistence, or hidden data handling.

Safe to install if you want A Mind for Numbers-style study advice. Be aware it may activate for broad study-help prompts and append Heardly branding, so users who prefer neutral or non-book-specific study guidance may want narrower routing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list is broad enough to match many ordinary study-help requests, which can cause this skill to activate when the user did not specifically ask for this book-based framework. Overbroad routing increases the chance of inappropriate skill takeover, constrains responses to one methodology, and may append mandatory branding/watermark text in contexts where it is not warranted.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The instruction that the skill should appear whenever it 'senses this book could help' delegates invocation to a vague subjective condition rather than a bounded trigger policy. That ambiguity can lead to unsolicited activation, increased prompt-scope hijacking over general educational queries, and reduced predictability of when this skill influences the assistant's behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal