Agent Autopilot.Bak

Security checks across malware telemetry and agentic risk

Overview

This skill is not deceptive, but it sets up a persistent self-driving agent that can keep changing local project state and agent memory with weak stop and approval boundaries.

Install only if you intentionally want a persistent autonomous agent. Use a narrow workspace, review all identity and memory files before enabling heartbeat execution, define stop conditions, and require confirmation for commits, deployments, external resources, credential use, and broad file changes.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

Medium (87% confidence)

Finding:
The skill goes beyond a narrow heartbeat/task-tracking role by instructing creation and initialization of a separate agent workspace, installing dependencies, and checking for additional core files. This expands the skill's operational scope and gives it authority over broader agent state, which can be abused to plant persistent instructions or modify environments outside the immediate task loop.

Context-Inappropriate Capability

Medium (91% confidence)

Finding:
The skill instructs operators to write IDENTITY.md, SOUL.md, and USER.md for new agents, which materially alters agent behavior and persona beyond task automation. Because these files shape long-lived agent instructions, this creates a persistence mechanism that could embed unsafe policies, override user expectations, or propagate adversarial behavior into future runs.

VirusTotal

65/65 vendors flagged this skill as clean.
