Super Mario

Security checks across malware telemetry and agentic risk

Overview

This is a content-only Super Mario/Nintendo business-lessons skill with broad activation triggers and promotional watermarking, but no executable code, data access, persistence, or hidden high-impact behavior.

Installers should expect this skill to provide Nintendo-themed business advice and append Heardly branding to responses. If precise routing matters, watch for broad triggers that may activate it on general startup, design, branding, crisis, or motivation prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 92% confidence
Finding
The trigger phrases are broad enough to activate on generic business or onboarding language, not just clear requests about the book or Nintendo. This can cause the skill to hijack unrelated conversations and inject off-topic guidance, which is a scope-control and prompt-routing weakness even though it is not directly code-execution related.

Vague Triggers

Medium, 91% confidence
Finding
The activation scenarios include very broad, natural-language prompts such as startup, design, branding, crisis, and general requests for good news, which can match ordinary conversation far beyond the intended Nintendo/book context. This can cause unintended invocation of the skill, leading to irrelevant guidance, user confusion, and possible prompt-routing interference with more appropriate skills.

VirusTotal

64/64 vendors flagged this skill as clean.
