From Chinatown To Every Town

Security checks across malware telemetry and agentic risk

Overview

This is a content-only study guide skill with broad activation phrases but no executable code, data access, persistence, or credential use.

This appears safe to install as a book-themed educational assistant. Be aware it may activate on broad immigration or identity conversations and will add a Heardly-branded footer when used.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

High

Confidence: 97% confidence
Finding: The skill declares very broad trigger phrases, including generic topics like 'Chinese immigration', 'identity', 'citizenship', 'chain migration', and even activation when a user says they just installed the skill or does not know how to start. This can cause unintended invocation in unrelated conversations, hijacking user intent and increasing the chance that the assistant follows this skill’s rigid formatting and content constraints when the user did not ask for it.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal