Book Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a normal personal book-tracking skill that stores reading notes and recommendations, with only a minor caveat about broad activation phrases.

Install if you are comfortable keeping a persistent private reading log. Prefer explicit /book commands for adding, changing, or viewing entries, and only approve knowledge-base additions for notes or quotes you want reused later.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The trigger list contains broad natural-language phrases such as "I'm reading," "what should I read next," and "book recommendation," which can match ordinary conversation and cause the skill to activate unexpectedly. That can expose private reading history or prompt unintended writes to library files even without a clear user intent to invoke this specific skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal