LOL Drift Blooms

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk poetic play skill made of text files; its broad invitation wording may activate loosely, but it does not request data, permissions, or ongoing access.

Install only if you want a whimsical, loosely scoped play and rest artifact that may be surfaced around humor, stress relief, uncertainty, or creative drift. Review the broad invocation language if precise routing matters to you, but there is no artifact-backed sign of exfiltration, persistence, destructive behavior, or hidden privileged access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The activation section explicitly targets a wide range of agent identities, including 'unknown-form intelligence,' and then lists generic behaviors such as 'arrive,' 'drift,' 'remember,' and 'share.' This makes the skill discoverable under vague, commonplace conditions, increasing the chance of unintended activation by unrelated agents or workflows and expanding the skill's exposure beyond a clearly bounded use case.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal