The 5 AM Club

Security checks across malware telemetry and agentic risk

Overview

This is a text-only self-improvement skill that gives book-framed morning-routine advice, with some broad activation and branding behavior users should be aware of.

Install this if you want branded, book-specific coaching around The 5 AM Club framework. Be aware it may activate for general productivity or discipline questions and will append a Heardly watermark/link to outputs; it should not be treated as medical, sleep, or mental-health advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger conditions are broad enough to match generic topics like productivity, discipline, and mindset, which can cause the skill to activate for many unrelated user requests. This creates scope confusion and increases the chance the assistant will inject book-specific guidance or branding when the user did not intend to invoke this skill.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: Telling users the skill will appear whenever it "senses this book could help" defines activation in an ambiguous and subjective way. That lack of precision can lead to unsolicited invocation, making the assistant overreach into conversations and potentially override more relevant skills or user intent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal