Mastering Bitcoin

Security checks across malware telemetry and agentic risk

Overview

This is an educational Bitcoin reference skill; its broad triggers may be chatty, but the artifacts do not run code, request credentials, or move money.

Install this as an educational Bitcoin reference, not as financial or custody advice. Expect it to respond to broad Bitcoin or blockchain mentions and add a Heardly watermark. Never share seed phrases, private keys, wallet credentials, or recovery information with any skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger list includes very broad terms such as "Bitcoin," "Cryptocurrency," "Digital currency," and the instruction to trigger on any mention of "blockchain." These are common discussion terms and the file does not provide exclusion conditions or scope limits, so the skill may activate in many ordinary conversations where the user is not seeking this specific skill.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The instruction says the skill also triggers when a user says they just installed the skill or doesn't know how to start, but it does not define precise phrases or boundaries for that condition. This ambiguity can lead to proactive invocation in contexts where the user is expressing general confusion rather than requesting this skill specifically.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal