Liking Factor Engineer

Security checks across malware telemetry and agentic risk

Overview

This is not malware, but it should be reviewed because it teaches targeted persuasion and compliance tactics with broad triggers and limited consent guardrails.

Install only if you intentionally want persuasion-oriented sales or marketing assistance. Do not use it to manufacture false similarity, hide incentives, pressure people through relationships, or collect personal information about prospects without permission; prefer transparent, consent-based communication.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Context-Inappropriate Capability

Medium

Confidence: 88% confidence
Finding: The skill explicitly recommends researching a prospect's LinkedIn, company page, and press to identify leverage points for rapport-building in a sales pitch. That goes beyond passive local document analysis and enables targeted persuasion using externally gathered personal/contextual data, increasing privacy and manipulation risk.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger language is extremely broad, covering common terms like trust, warm, friendly, connection, persuasion, and brand personality. This makes accidental invocation likely in ordinary communication workflows, causing the agent to switch into a persuasion-optimization mode in contexts where the user did not clearly request influence tactics.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The description presents the skill as a general marketing and communication aid but does not clearly warn that it generates tactics intended to increase liking, persuasion, and compliance. Users may invoke it without understanding that the output can include behavioral influence strategies that border on manipulative social engineering.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The text normalizes a tactic where a customer's friend is enrolled in a marketing program without consent and presents it primarily as an effective persuasion structure. In a skill explicitly about engineering liking, this can operationalize privacy-invasive and manipulative outreach by omitting clear warnings that the practice is unethical, potentially noncompliant, and should not be replicated.

Ssd 4

Medium

Confidence: 96% confidence
Finding: This section gives a concrete operational playbook for increasing target compliance through similarity, compliments, repeated contact, association, and halo effects. Even with an ethics section, the skill directly teaches scalable social-engineering techniques that can be used to manipulate targets into decisions they would not otherwise make.

Ssd 4

Medium

Confidence: 95% confidence
Finding: The enterprise pitch example recommends researching a prospect and using authentic-seeming references, compliments, peer associations, and presentation alignment to increase receptivity during a high-stakes close. This is effectively a targeted social-engineering recipe for exploiting interpersonal cues in a business context, making misuse straightforward.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal