Becoming A Person Of Influence

Security checks across malware telemetry and agentic risk

Overview

The only reported concern is over-broad activation wording, which may be annoying but does not show harmful behavior by itself.

Before installing, check whether the skill’s broad activation terms fit how you use your agent. If it appears in unrelated conversations, narrow or disable its triggers; no supplied evidence suggests malware or unsafe system access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list is broad and includes generic terms such as "trust," "service," "impact," "listening," and even activation when the user just installed the skill or does not know how to start. This can cause unintended invocation in unrelated conversations, which increases the chance of context hijacking, irrelevant responses, and user confusion even though the content itself is non-sensitive and non-executing.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal