The Clash Of The Cultures

Security checks across malware telemetry and agentic risk

Overview

This appears to be an investing-education skill with no evidence of hidden code, credential access, persistence, or unsafe automation.

Install if you want Bogle-style investing education, but treat it as educational content rather than personalized financial advice. Be aware it may activate for broad investing terms, so verify that its advice is relevant to your actual question before relying on it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The manifest says to trigger on broad phrases such as "Index funds," "Long-term investing," "Speculation," "Investment philosophy," and mentions like "investment" or "Wall Street." These are common topical terms that may appear in many general finance conversations, and the file does not provide exclusion conditions or clearer scope boundaries to distinguish when this skill should or should not activate.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The line "Also triggers when the user says they just installed this skill or doesn't know how to start" is broad and underspecified. It does not define how the system should determine that the user is referring to this skill rather than expressing general confusion, which creates a risk of accidental invocation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal