Agent Dream

Security checks across malware telemetry and agentic risk

Overview

Agent Dream is a disclosed local memory-consolidation skill, with real privacy impact but no artifact-backed malicious behavior.

Install this only if you want an agent to review local session transcripts and memory files and create persistent memory summaries. Run setup intentionally, inspect dream-config.json, keep MEMORY.md rewriting disabled if unsure, and schedule it only for the workspace and agent where nightly memory consolidation is desired.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The manifest includes broad trigger terms like 'dream', 'memory', and 'self-reflection', plus imperative scheduled text telling the agent to 'follow every step.' In agent ecosystems that auto-select skills from natural-language requests, overly broad triggers can cause this skill to activate in unrelated contexts, leading the agent to read and modify persistent memory files unexpectedly.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal