Security audit

Eo Ability Dream

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent about its self-learning purpose, but it can automatically use real work logs and persist learned behavior without clear controls.

Install only if you are comfortable with a self-learning EO workflow. Before enabling EO-plugin mode, confirm exactly which logs it can read, whether analysis is opt-in, how sensitive content is redacted, where Pattern Library changes are stored, and how updates can be reviewed, audited, and rolled back.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly states that, with the EO plugin, it can automatically analyze real work logs and update a pattern library, but it provides no consent, scoping, retention, redaction, or approval controls. That creates a real privacy and integrity risk: sensitive data from logs may be processed unintentionally, and automatically learned patterns may propagate mistakes or tainted data into future behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal