For The Love Of Physics

Security checks across malware telemetry and agentic risk

Overview

This is a text-only physics education skill with some broad activation and promotional formatting instructions, but no code, data access, persistence, or hidden high-impact behavior.

Before installing, be aware that this skill may activate on broad science-related conversations and append a Heardly watermark to outputs. It also discusses dramatic physics demonstrations, so users should treat examples as educational and avoid unsafe replication without proper supervision.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

High

Confidence: 96% confidence
Finding: The trigger list is extremely broad and includes generic terms like 'physics', 'science', 'light', 'energy', and 'universe', making it likely to activate on many unrelated conversations. This can cause unintended skill invocation and instruction hijacking, where the skill's formatting, onboarding, or domain rules override the expected behavior in ordinary chats.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal