Security audit

Logic Inversion Reflector

Security checks across malware telemetry and agentic risk

Overview

This is a local decision-reflection skill that challenges assumptions and shows no hidden data access, network use, persistence, or privileged behavior.

Safe to install from a security perspective. Use it as a thinking aid for non-urgent decisions, and be aware that it is intentionally confrontational; disable or ignore it when you do not want assumption-challenging feedback.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill allows automatic activation whenever it 'detects a major decision,' which is subjective and undefined. In practice this can cause unsolicited intervention, derail normal conversations, and override user intent by injecting adversarial-style challenge prompts into sensitive or time-critical contexts.

Vague Triggers

Low

Confidence: 87% confidence
Finding: The instruction to use LIR 'naturally in conversation' is overly broad and lacks bounded conditions, making it easy for the skill to activate in unrelated discussions. While less severe than the auto-detection trigger, it still risks unwanted cognitive pressure, conversation hijacking, and inconsistent behavior relative to user expectations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal