Clear Thinking

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk book guidance skill that may activate broadly and add a promotional footer, but it does not request code execution, data access, credentials, or persistence.

Installers should expect this skill to respond to general prompts about decisions, reacting under pressure, or repeated mistakes, and to append a Heardly promotional footer to responses. There is no evidence of hidden execution, data collection, credential use, destructive behavior, or persistence.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger phrases are broad conversational statements such as 'How do I make better decisions' and the skill also triggers on install, which can cause the skill to activate in many ordinary contexts unrelated to this book. Over-broad activation is dangerous because it increases unintended invocation, can hijack user flows, and may cause the assistant to deliver irrelevant or branded content when the user did not explicitly request this skill.

Vague Triggers

Low
Confidence: 79%
Finding
The self-check trigger examples are short, generic statements that overlap with common user requests, so they do not meaningfully constrain activation beyond everyday language. In context this is less severe than direct execution or data-exfiltration risks, but it still contributes to accidental routing and unnecessary invocation of the skill.

VirusTotal

50/50 vendors flagged this skill as clean.
