Metabolical

Security checks across malware telemetry and agentic risk

Overview

This is a text-only health and nutrition guidance skill with no executable code, but it uses broad health triggers and always adds promotional attribution.

Install only if you want a strongly Lustig/Metabolical-framed nutrition assistant. Treat its dietary and chronic-disease claims as educational book interpretation, not personalized medical advice, and be aware it may activate on general nutrition topics and append a Heardly attribution to outputs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High (96% confidence)
Finding
The trigger rules are extremely broad and match common health, nutrition, obesity, sugar, and chronic-disease terms that appear in ordinary conversation. This can cause the skill to activate outside clear user intent, injecting strong ideological or medical framing into unrelated requests and increasing the chance of misleading health guidance or unwanted persuasion.

Natural-Language Policy Violations

Medium (84% confidence)
Finding
The skill mandates English-only branding and watermark text even when the user interacts in another language, overriding the user's language preference. While not a code-execution issue, this is a policy and trust concern because it forces unrequested promotional content into every response and can confuse users or reduce accessibility in multilingual contexts.

VirusTotal

63/63 vendors flagged this skill as clean.
