Spy The Lie

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be an educational interrogation/deception-detection guide, but its broad activation triggers and under-emphasized safety limits could steer ordinary conversations toward unreliable suspicion-based questioning.

Review this skill carefully before installing. Use it only for educational or clearly consent-based interview preparation, not to accuse partners, coworkers, or vulnerable people of lying. Deception cues are not proof, and high-stakes situations should use qualified legal, HR, safeguarding, or clinical support instead.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence: 97%
Finding
The trigger rules are broad enough to activate on generic terms like 'CIA,' 'interview,' 'security,' or a user saying they just installed the skill, which can cause the skill to engage in unrelated conversations without clear user intent. In this context, unintended invocation is especially risky because the skill provides quasi-interrogation and deception-detection guidance that could steer ordinary interactions toward suspicion, false accusations, or manipulative questioning.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill markets interrogation and lie-detection techniques prominently but does not present an upfront warning in the description about their unreliability, potential for false positives, or the risk of harming relationships and decisions if applied to real people. Although later sections mention false positives, the missing early warning increases the chance users will overtrust the material and use it inappropriately in personal, workplace, or coercive settings.

Missing User Warnings

Low
Confidence: 82%
Finding
The passage explicitly says the reverse timeline technique works in personal situations 'when trust is on the line,' which encourages applying interrogation-style deception detection in intimate relationships. Although there is an earlier caution not to treat a partner like a suspect, the highlighted takeaway undercuts that warning and lacks a clear, prominent statement about the risk of false accusations, relationship harm, and misclassification of innocent behavior.

VirusTotal

64/64 vendors flagged this skill as clean.
