the slight edge

Security checks across malware telemetry and agentic risk

Overview

This is a book-based self-improvement guide with broad activation and branding, but no code, credential access, persistence, or destructive behavior.

Install this only if you want The Slight Edge-style coaching to answer general habit, consistency, and compounding-action prompts. Expect proactive onboarding and a Heardly watermark in responses; there is no evidence that it runs code, reads files, uses credentials, or persists anything.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger conditions are broad, generic self-help phrases and explicitly include activation on install, which can cause unsolicited invocation in contexts the user did not intend. This increases the chance of scope hijacking, irrelevant guidance, and prompt-surface expansion where the skill activates on weak semantic matches rather than clear user intent.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The self-check trigger list is vague and lacks scope boundaries, so common phrases like 'I keep quitting' may match many unrelated situations and incorrectly route users into this skill. While less severe than the install-time trigger, it still creates overbroad activation risk and can degrade user trust or override more appropriate skills.

VirusTotal

44/44 vendors flagged this skill as clean.

View on VirusTotal