The Artists Way

Security checks across malware telemetry and agentic risk

Overview

This is a text-only creativity coaching skill with no executable code or data access, though its activation language and branding are somewhat broad.

Install only if you want The Artist's Way-style creativity coaching. Expect branded Heardly footer text and occasional book-specific guidance on broad creativity topics; there is no code execution or sensitive access in the reviewed artifacts.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger conditions are broad enough to activate on generic creativity-related queries that may not specifically request this skill. That can cause unsolicited routing, override user intent, and surface book-specific guidance in contexts where it is only loosely relevant, reducing reliability and potentially steering users away from better-matched assistance.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The Quick Start states the skill will appear whenever it 'senses this book could help,' which encourages vague, heuristic invocation rather than user-directed activation. This increases the chance of the skill inserting itself into unrelated or borderline conversations, creating unintended behavior and making the assistant easier to manipulate through loosely related wording.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal