The Demon Haunted World

Security checks across malware telemetry and agentic risk

Overview

This appears to be a low-risk educational prompt skill, with only minor risk of being invoked too broadly during onboarding or book-reflection requests.

Safe to install if you want a Carl Sagan or skepticism-oriented thinking aid. Be aware it may activate on broad onboarding or reflective book prompts, so invoke it explicitly when you want that framework and disable or narrow it if it appears in unrelated conversations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill explicitly triggers when a user says they just installed the skill or does not know how to start, which are generic onboarding/help statements rather than topic-specific intent. This can cause the skill to activate unexpectedly and inject unsolicited content into unrelated conversations, creating prompt-routing confusion and reducing user control.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The phrase "Map this book to my life" is a broad catch-all style trigger that can overlap with ordinary exploratory language and may activate outside a clearly scoped request. In a skill system, vague triggers increase the chance of accidental invocation and unintended instruction precedence over the user's actual task.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal