MLM Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is not system-malware-like, but its MLM outreach guidance includes overbroad activation, weak privacy guardrails, and misleading sales framing that users should review carefully.

Install only if you specifically want MLM sales-assistance content and will manually review outputs before using them. Do not use it to auto-send outreach, scrape social signals, pressure people who decline, store unnecessary prospect data, make unsupported income or health claims, or present sales/recruiting conversations as non-commercial education.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The skill’s invocation description is broad enough to activate on generic mentions of MLM, direct sales, or company names, which can route ordinary conversations into a high-risk persuasion and automation workflow without clear user intent. In this context, the skill contains outreach, prospecting, objection-handling, and tracking guidance, so overbroad triggering increases the chance of unsolicited marketing assistance being surfaced inappropriately.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill provides structured guidance for contact categorization, prospect targeting, social-signal monitoring, and repeated follow-up sequences, but does not warn about consent, data minimization, or lawful handling of personal information. That omission is dangerous because it normalizes tracking and outreach practices that can facilitate privacy violations, harassment, or non-compliant direct marketing at scale.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal