Nothing Special: Living Zen

Security checks across malware telemetry and agentic risk

Overview

This is a content-only Zen guidance skill with no code execution, data access, persistence, or credential handling, though its activation wording is broader and more proactive than ideal.

Install this if you want a book-style Zen practice guide and are comfortable with blunt spiritual advice plus a Heardly watermark on responses. Be aware it may activate on generic meditation or awareness terms; avoid installing it if you only want it to respond to explicit mentions of the book.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 96% confidence
Finding: The trigger list is excessively broad and includes highly generic terms such as 'Zen', 'attention', 'awareness', 'forgiveness', and 'letting go', which can match many unrelated conversations. This can cause unintended skill activation, overriding more relevant behaviors or injecting unsolicited spiritual guidance into contexts where the user did not ask for this skill.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The rule to trigger when a user 'just installed this skill or doesn't know how to start' is ambiguous and instructs the AI to proactively present content without a clear request. This creates unsolicited invocation behavior and increases the chance the skill interrupts unrelated onboarding or general help flows.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal