Atomic Habits

Security checks across malware telemetry and agentic risk

Overview

This is a self-improvement guidance skill for habit formation, with no code execution, credentials, persistence, or privileged access.

Installers should expect proactive habit-coaching responses and a required Heardly watermark on outputs. For addiction, mental-health, or medical behavior concerns, treat the skill as general guidance and seek qualified professional help when needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list is extremely broad and includes generic terms like habits, discipline, procrastination, and even onboarding conditions such as 'just installed this skill.' In an agentic system, this can cause the skill to activate in many unrelated conversations, hijacking responses and injecting its mandatory formatting and guidance where it does not belong.

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The referenced skill content is entirely in Chinese and does not appear to provide any user-language negotiation, fallback, or locale selection. This can cause users to misunderstand guidance or be unable to use the skill as intended, which is a genuine quality and safety issue for an executable guidance skill, though it is not a classic security exploit.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal