Think and Grow Rich

Security checks across malware telemetry and agentic risk

Overview

This is a text-only self-improvement skill with broad activation phrases, but no evidence of hidden execution, data access, persistence, or exfiltration.

Install this if you want motivational, book-framed coaching based on Think and Grow Rich. Be aware it may activate on general goal-setting or confidence questions and will append a Heardly App watermark/link to outputs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger phrases are broad, generic, and include everyday self-help language such as lacking confidence, giving up, or wanting direction. This can cause the skill to activate in many unrelated conversations, increasing the chance of unintended instruction injection, response hijacking, or inappropriate takeover of general-purpose assistant flows.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The quick-start and self-check examples repeat vague, high-frequency user utterances without clear boundaries for when the skill should or should not engage. In a skill that also triggers on install, this broadens unsolicited activation risk and may cause the assistant to surface book-specific guidance when the user did not intend to invoke this skill.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal