Unmasked

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable book-perspective skill with broad political triggers, but it does not request local access, credentials, persistence, or mutation authority.

Install this only if you want responses shaped by Andy Ngo's Unmasked. Be aware it may activate on broad political terms and will append Heardly branding, so users seeking neutral political analysis should treat its answers as a specific viewpoint, not a balanced source.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

High

Confidence: 95% confidence
Finding: The trigger list is overly broad and includes generic political terms such as 'activism,' 'riot,' 'extremism,' and even installation/help phrases, which can cause the skill to activate in unrelated conversations. In this context, unintended invocation is risky because the skill presents a strongly opinionated, one-sided framing of a politically sensitive topic and is configured to proactively engage users.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The phrase 'I'll show up whenever I sense this book could help' creates an ambiguous activation model that encourages unsolicited intervention. That ambiguity increases the chance of the skill inserting itself into ordinary discussion without clear user consent, which is especially problematic for controversial political content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal