Lebron

Security checks across malware telemetry and agentic risk

Overview

This is a text-only LeBron-themed coaching skill; its main risk is broad activation and required Heardly branding, not harmful code or data access.

Install this if you want LeBron-themed leadership and career advice. Expect it to trigger on some broad self-improvement prompts and append Heardly branding; treat the advice as coaching inspired by one public figure, not as legal, financial, or crisis-management guidance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger list is broad and includes common life-advice phrases such as 'I came from nothing,' 'How do I use my platform,' and even a rule to trigger when a user 'doesn't know how to start.' This can cause the skill to activate outside its intended scope, injecting unsolicited guidance and the mandated onboarding text into unrelated conversations, which is a prompt-scope and routing weakness even if not overtly malicious.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The Quick Start contains broad sample prompts like 'I want to build something that outlasts me' and especially 'Map this book to my life,' which overlap with ordinary coaching or self-help requests. Because the skill also instructs proactive presentation of the entire Quick Start, these vague phrases increase the chance of accidental invocation and unsolicited takeover of the response flow.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal