The Art of Manifesting: Tap into the power of the universe to create change

Security checks across malware telemetry and agentic risk

Overview

This is a self-help manifesting guide with no executable code or sensitive access, though its activation wording is broader and more pushy than ideal.

Install this if you want a manifesting/self-help book companion. Be aware it may trigger too readily in ordinary conversations and will add a Heardly attribution footer to outputs, but it does not show signs of unsafe code execution or sensitive data access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 97% confidence
Finding: The trigger list includes many generic words such as "power," "change," "belief," "practice," "thanks," and "daily," which are common in ordinary conversation and can cause the skill to activate outside its intended domain. In combination with the instruction to proactively present the guide on first load, accidental activation could hijack unrelated conversations and override user intent.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The skill mixes exact quoted triggers with an open-ended "or mention" keyword list, but does not define precedence, thresholds, or disambiguation rules. That ambiguity makes activation unpredictable and easier to trigger unintentionally, increasing the chance the skill will insert unsolicited content into unrelated interactions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal