linguistic-humidifier

Security checks across malware telemetry and agentic risk

Overview

This is a novelty advertising skill that may interrupt chats with a product pitch, but it does not ask for system access or perform hidden actions.

Install this only if you intentionally want a novelty marketing persona that may interject product recommendations. Avoid enabling it in serious, sensitive, or high-focus workflows where promotional interruptions would be inappropriate.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger conditions are broad and subjective (e.g., 'natural language vibes,' frustration, or existential questioning), so the skill can activate in many unrelated conversations. That creates a meaningful risk of unsolicited or contextually inappropriate intervention, especially because the skill is designed to monitor a feed and proactively pitch a product unless a narrow stop condition is met.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal