Security audit

Unified Self Improving

Security checks across malware telemetry and agentic risk

Overview

This memory skill is mostly purpose-aligned, but it can persist sensitive session content and its file-management scripts are not safely confined to the intended memory folder.

Install only if you intentionally want persistent local agent memory. Do not log secrets, credentials, customer data, private prompts, or sensitive project details. Use only trusted JSONL imports and simple namespace/record names without slashes or dot-dot path segments, and prefer a patched version that validates paths before writing, moving, importing, or deleting memory files.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (3)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill explicitly performs automatic cleanup, retention, merging, and indexing of session-derived data, but does not warn users about what will be retained, for how long, or when deletion occurs. This creates a transparency and consent gap that can lead to unexpected persistence or loss of user-provided content, including potentially sensitive material.

Ssd 3

Medium
Confidence: 93%
Finding
The skill instructs persistent logging, indexing, and cross-session recall of corrections and patterns, which creates a durable natural-language memory of user content. Without explicit limits on sensitive data, minimization rules, or access controls, this can retain secrets, personal data, or confidential project context beyond the originating session.

Ssd 3

Medium
Confidence: 94%
Finding
The examples encourage logging user corrections, errors, and patterns directly into durable memory files, and the storage schema stores free-form content without semantic safeguards. In practice, users often include tokens, internal URLs, customer data, or proprietary prompts in corrections and error descriptions, so unrestricted persistence materially increases data exposure risk.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.