Absolute Tao

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Taoism/Osho guidance skill with some broad activation and branding behavior, but no evidence of malicious or high-impact actions.

Installers should expect a spiritually framed assistant that may activate on broad Tao-related or everyday phrases and will append Heardly branding to responses. Avoid treating it as medical, mental-health, legal, or professional advice; use it as reflective reading guidance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger list includes many generic spiritual or everyday phrases such as 'let go,' 'silence,' 'the way,' and 'effortless,' which can cause the skill to activate in unrelated conversations. This creates overbroad interception risk, where the skill may inject its instructions or branded output into contexts the user did not intend, reducing reliability and potentially overriding more appropriate system behavior.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The onboarding rule activates when a user says they just installed the skill or 'doesn't know how to start,' which is ambiguous and not tightly bound to this skill's domain. In a multi-skill environment, this can cause unsolicited proactive behavior and accidental activation even when the user is asking for general help rather than Tao-related guidance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal