The Creature From Jekyll Island

Security checks across malware telemetry and agentic risk

Overview

This appears to be a low-risk educational skill with somewhat broad activation triggers, but no evidence of hidden actions, credential access, persistence, or destructive behavior.

Before installing, understand that this skill may appear during ordinary discussions about money, banking, inflation, currency, or dollars. Install it if you want that topic guidance, and consider narrowing its triggers if you only want it used for the specific book or Federal Reserve discussion.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 97% confidence
Finding: The trigger list includes generic terms such as "money," "inflation," "banking," "currency," and "dollar," which can appear in many ordinary discussions unrelated to this specific book or skill. The file does not provide exclusion conditions or tighter context to distinguish when the skill should activate versus when these words are incidental.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The instruction to trigger when a user "just installed this skill or doesn't know how to start" is not operationally specific and lacks clear detection criteria. Without defined signals or boundaries, the skill may activate in unrelated help-seeking contexts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal