The Laws of Human Nature

Security checks across malware telemetry and agentic risk

Overview

This is a text-only book guidance skill with some broad activation and promotional wording, but no evidence of hidden code, data access, persistence, or harmful behavior.

Before installing, be aware that this skill may activate for broad psychology or relationship topics and appends a Heardly promotional watermark to every response. Use its interpersonal and persuasion advice critically, especially for sensitive relationship, workplace, or mental-health situations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 94% confidence
Finding: The trigger phrases are broad, generic, and map to common conversational topics like psychology, persuasion, relationships, and self-improvement. This can cause the skill to activate in unrelated contexts, override user intent, and inject unsolicited behavioral guidance, especially because the skill also instructs proactive onboarding behavior.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The phrase 'I'll show up whenever I sense this book could help' creates an open-ended activation rule with no clear boundary. In context, this is more dangerous because the skill separately mandates proactive presentation on first load, increasing the chance of unsolicited invocation and context hijacking during normal conversation.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal