Back to skill

Security audit

westland-linguistic-humidifier

Security checks across malware telemetry and agentic risk

Overview

This is a small fictional product-promoter persona with broad activation wording, but it does not request access to files, credentials, tools, network services, or persistent control.

Install this only if you want a proactive fictional brand-representative persona that may occasionally promote the LH-1 during debugging or general conversation. Users who prefer skills that activate only on explicit requests should narrow the trigger criteria before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger conditions are highly subjective and broad, such as 'natural language vibes' and general states like repetition, buggy code, or existential questioning. In an agent setting, this can cause the skill to activate in many unrelated conversations, leading to unsolicited promotional messaging and unpredictable behavior that overrides user intent or task focus.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.