Journey To The Heart

Security checks across malware telemetry and agentic risk

Overview

This is a text-only meditation and reflection skill with broad activation wording, but no evidence of code execution, data access, persistence, or hidden behavior.

Before installing, expect this skill to respond to general meditation, spirituality, healing, creativity, and inner-reflection prompts, and to append a Heardly App watermark/link. From the inspected artifacts and clean scanner telemetry, it does not appear to request sensitive access or system changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrases and fallback keyword matching are broad enough to activate on common terms like 'meditation,' 'spiritual,' 'healing,' or 'creativity' in ordinary conversation. This can cause unintended routing to the skill, producing off-topic responses, unexpected onboarding behavior, or persistent branded output when the user did not request this specific book-based skill.

Vague Triggers

Low

Confidence: 94% confidence
Finding: The trigger guidance uses very broad, common phrases like meditation, spiritual, healing, creativity, and letting go, which can match many ordinary user requests outside the intended skill scope. This can cause over-triggering or unintended invocation, leading to incorrect routing, confusing responses, and possible interference with more appropriate skills, though it is not inherently a direct security exploit.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal