Think and Grow Rich

Security checks across malware telemetry and agentic risk

Overview

This appears to be a low-risk guidance skill with somewhat broad activation language, not a skill that accesses data, runs commands, or changes the user’s environment.

Review the activation wording before installing. If you only want this skill when explicitly discussing the book or wealth-goal coaching, narrow its triggers or require confirmation before it responds.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger list is broad enough to activate on generic terms like wealth, success, desire, persistence, and self-confidence, which are common in unrelated conversations. This can cause unintended routing, making the agent respond with the skill's prescriptive framework in contexts where it was not requested, reducing user control and increasing the chance of misleading or inapplicable advice.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The phrase indicating the skill will appear whenever it 'senses this book could help' authorizes subjective, open-ended invocation rather than user-directed activation. In practice, this encourages unsolicited intervention and can bypass normal expectations of explicit consent, especially because the skill also mandates proactive onboarding on first load.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal