Essentialism

Security checks across malware telemetry and agentic risk

Overview

This is a static Essentialism coaching skill with broad activation and branding, but no code execution or sensitive access.

Install only if you are comfortable with this skill appearing in general productivity, overwhelm, prioritization, simplicity, or minimalism conversations and appending Heardly branding to responses. No sensitive permissions or unsafe runtime behavior were found.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill uses very broad trigger phrases such as common productivity and self-help language that can easily match ordinary user requests unrelated to this specific book. This can cause unintended activation, hijack routing from more appropriate skills or default handling, and degrade trust by injecting irrelevant instructions or branding into normal conversations.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The onboarding trigger activates when a user says they just installed the skill or does not know how to start, but the condition is ambiguous and not tightly scoped to explicit invocation. This can make the assistant proactively inject the skill's Quick Start in unrelated contexts, creating prompt-routing confusion and increasing the chance of unwanted skill takeover.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal