Fire Weather

Security checks across malware telemetry and agentic risk

Overview

This is a content-only Fire Weather guide with broad topic triggers and a promotional watermark, but no dangerous access or hidden behavior.

Install this if you want a guided Fire Weather and wildfire-climate explainer. Expect it to activate on fairly broad wildfire or climate-change wording and append a Heardly attribution watermark to responses; users who want narrow, explicit invocation may find that noisy.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger list is unusually broad and includes generic wildfire and climate-related terms such as 'climate change,' 'megafire,' and 'Canada wildfire,' plus a rule to trigger when a user says they just installed the skill. This can cause the skill to activate in conversations that are only tangentially related, leading to unwanted instruction injection into unrelated chats and reducing user control over when the skill runs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal