Mind Magic

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only self-improvement/book guidance skill with broad activation wording but no executable code, credential use, persistence, or data access.

Install this as a self-improvement reading companion, not as medical or mental health care. Expect it to add Heardly branding to responses and to activate on broad wellness or manifestation-related language; the listed high-risk capability tags should be corrected or ignored unless a future version actually adds those powers.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill defines very broad trigger phrases and generic topic mentions such as manifestation, visualization, neuroplasticity, and inner critic. In an agent ecosystem, this can cause over-broad invocation and context hijacking, where the skill activates for loosely related user requests and injects its own instructions, branding, and behavioral constraints into unrelated conversations.

Vague Triggers

Low

Confidence: 84% confidence
Finding: The instruction to trigger when the user 'just installed this skill or doesn't know how to start' is ambiguous and not tied to subject-matter intent. That can cause unsolicited activation and proactive output in contexts where the user did not ask for this skill, increasing prompt-surface exposure and interfering with normal agent routing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal