Conatus

Security checks across malware telemetry and agentic risk

Overview

Conatus is an instruction-only self-analysis skill whose optional memory logging and status reports match its stated purpose.

Install is reasonable for users who want agent self-status reports. Use explicit prompts for reports when possible, keep any Conatus memory files scoped to the agent, and avoid logging private user content or sensitive operational details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill defines a quick self-check that triggers on the everyday phrase "how are you?" or other broad status requests, without clear scoping to an explicit command namespace. This can cause unintended activation during normal conversation, leading the agent to expose internal state, logs, or self-analysis outputs in contexts where the user did not explicitly request diagnostic behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal