Heavy

Security checks across malware telemetry and agentic risk

Overview

This is a static reading guide for Kiese Laymon's Heavy, with sensitive themes and broad activation wording but no code, credential access, persistence, or hidden system impact.

Install only if you want a memoir-focused discussion tool for Heavy. Be aware it may surface material about child abuse, addiction, racism, body image, and family trauma, and its broad trigger words may make it appear in some related personal conversations unless your agent lets you disable or narrow activation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 95% confidence
Finding: The invocation terms are excessively broad for a memoir-specific skill, including generic words like "mother," "writing," "addiction," and "trauma." This can cause the skill to activate in unrelated sensitive conversations, leading to inappropriate routing, unwanted intervention in high-emotion contexts, and accidental disclosure or mishandling of user intent.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill centers on abuse, trauma, addiction, race, and body image, but provides no content notice, sensitivity guardrails, or escalation guidance. In practice, this may expose users to distressing material unexpectedly, especially because the trigger logic is broad and the skill is instructed to proactively present onboarding content on install.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal