Study Habits

Security checks across malware telemetry and agentic risk

Overview

This is a simple local study-coaching skill with no code, external access, or hidden behavior; the only notable risk is that it may retain study history locally if the host supports that.

Safe to install for ordinary study planning. Be mindful that the skill is intended to remember study sessions, topics, confidence ratings, and exam schedules locally, so avoid entering sensitive academic or personal details you would not want retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrase "learn effectively" is broad and likely to match many general educational requests that are not specifically asking for this skill. Overly generic activation phrases can cause unintended invocation, which may confuse users, override more appropriate skills, or collect study-related inputs when the user did not explicitly request this tool.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrase "exam prep" is ambiguous and can apply to a wide range of conversations about tests, tutoring, schedules, or anxiety, making accidental activation more likely. In this skill’s context, unintended triggering is mainly a quality and scope-control issue rather than a direct security compromise, but it still increases the chance of inappropriate routing and unnecessary data capture.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal