The Book Whisperer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a text-only reading or literacy guidance skill with a broad onboarding trigger, but no evidence of hidden access, persistence, or harmful behavior.

Install this as a reading or literacy support skill. Be aware it may present its quick-start guidance in some generic setup conversations, so users should invoke it explicitly when they want this skill rather than relying on broad onboarding phrases.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill declares activation not only for specific reading-related phrases, but also when a user says they "just installed this skill" or "doesn't know how to start," which are generic onboarding statements that may appear in many unrelated conversations. This can cause unintended invocation and force the skill's guidance and mandated watermark into contexts where it is irrelevant, reducing routing integrity and potentially overriding more appropriate skills or system behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal