Learn Feynman

Security checks across malware telemetry and agentic risk

Overview

This appears to be a low-risk learning skill; its main issue is that broad trigger wording could activate it when the user only meant a generic self-check.

Install if you want a learning or comprehension-check helper. Be aware it may activate on broad phrases like asking to be tested or checked; if that happens unintentionally, clarify that you do not want the tutoring workflow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger phrases are broad and map to common self-check requests such as 'test me' or 'do I really understand this,' which can cause the skill to activate in situations the user did not explicitly intend. Over-broad activation is dangerous because it can override a more appropriate skill or steer the conversation into an unexpected interrogation/evaluation flow, reducing reliability and potentially causing unintended handling of user content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal