认知自我进化 · 智能体能力进化引擎 (Cognitive Self-Evolution · Agent Capability Evolution Engine)

Security checks across malware telemetry and agentic risk

Overview

This markdown-only skill does what its description says: it analyzes agent failure logs and generates local improvement notes. The risk is in how much log data it is allowed to read, so scope its log access carefully.

Install it only if you are comfortable letting the agent read every file under the LOG_DIR you configure. Point LOG_DIR at a narrow directory, keep logs that contain secrets or personal data out of it, and prefer conservative or observe_only mode so you can review generated patches before they change the agent's future behavior.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 90%

Finding
The skill explicitly instructs the agent to read execution logs from LOG_DIR and extract task IDs, tool call chains, error details, and user feedback, but it presents no privacy warning, consent requirement, or data-handling limitation. Logs of this kind routinely contain sensitive operational data or personal information, and the exposure is compounded by the skill's recommendation to run the analysis automatically after every failed task.
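The LOG_DIR scoping advice in the overview and the missing data-handling limitation in this finding point at the same control: decide what the agent may read before it reads anything. The script below is an added example, not code from the skill or from SkillSpector. It rejects an over-broad LOG_DIR, scans each log for secret-like strings and e-mail addresses, and writes a redacted copy that the skill's LOG_DIR can be pointed at instead of the raw files. The list of broad directories, the regexes and the sample log are constructed for illustration and should be tuned to your own stack.

```python
"""Pre-flight check for the LOG_DIR an agent skill will be allowed to read.

Added example, not part of the skill or of SkillSpector. Rejects overly broad
directories, scans logs for secrets and personal data, and hands the agent a
redacted copy instead of the raw files. Patterns and sample data are assumed.
"""
import re
import tempfile
from pathlib import Path

# Directories far too broad to hand to an agent as LOG_DIR (assumed list).
OVERLY_BROAD = [Path("/"), Path("/etc"), Path("/var/log")]
try:
    OVERLY_BROAD.append(Path.home())
except RuntimeError:  # home directory cannot be determined in some sandboxes
    pass

# Data a failure log must not leak to the agent (assumed, representative set).
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9\-._~+/]{20,}=*"),
    "generic_secret": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\s*[=:]\s*['\"]?[^\s'\"]{8,}"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}

# Constructed sample of the kind of execution log the skill reads.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z task=t-1042 tool=shell status=failed err="exit 1"
2024-05-01T10:00:01Z task=t-1042 tool=http_fetch header="Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.abcdefghij"
2024-05-01T10:00:02Z task=t-1043 feedback="user alice@example.com says the patch broke the build"
2024-05-01T10:00:03Z task=t-1043 env AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
"""


def is_narrow_scope(log_dir):
    """True unless log_dir is, or is an ancestor of, an overly broad directory."""
    p = Path(log_dir).resolve()
    for broad in OVERLY_BROAD:
        b = broad.resolve()
        if p == b or p in b.parents:
            return False
    return True


def scan_text(text):
    """Return (line_number, pattern_name) for every sensitive match in text."""
    hits = []
    for n, line in enumerate(text.splitlines(), start=1):
        for name, rx in SECRET_PATTERNS.items():
            if rx.search(line):
                hits.append((n, name))
    return hits


def redact_text(text):
    """Replace every sensitive match with a labelled placeholder."""
    for name, rx in SECRET_PATTERNS.items():
        text = rx.sub(f"[REDACTED:{name}]", text)
    return text


def preflight(log_dir, redacted_dir):
    """Check scope, scan every *.log under log_dir, write redacted copies.

    Returns a report. Point the skill's LOG_DIR at redacted_dir, never at log_dir.
    """
    log_dir, redacted_dir = Path(log_dir), Path(redacted_dir)
    report = {"scope_ok": is_narrow_scope(log_dir), "findings": {}, "redacted": []}
    if not report["scope_ok"]:
        return report  # refuse to touch an over-broad directory at all
    redacted_dir.mkdir(parents=True, exist_ok=True)
    for path in sorted(log_dir.rglob("*.log")):
        text = path.read_text(encoding="utf-8", errors="replace")
        hits = scan_text(text)
        if hits:
            report["findings"][path.name] = hits
        out = redacted_dir / path.relative_to(log_dir)
        out.parent.mkdir(parents=True, exist_ok=True)
        out.write_text(redact_text(text), encoding="utf-8")
        report["redacted"].append(str(out))
    return report


def demo():
    """Run the pre-flight over a temporary LOG_DIR seeded with SAMPLE_LOG."""
    with tempfile.TemporaryDirectory() as tmp:
        raw = Path(tmp) / "raw"
        raw.mkdir()
        (raw / "agent.log").write_text(SAMPLE_LOG, encoding="utf-8")
        report = preflight(raw, Path(tmp) / "redacted")
        clean = (Path(tmp) / "redacted" / "agent.log").read_text(encoding="utf-8")
    return report, clean


if __name__ == "__main__":
    report, clean = demo()
    print(report)
    print(clean)
```

The redacted copy keeps the fields the skill actually needs (task IDs, tool names, status, error text) while stripping the token, the access key and the e-mail address that a continuous after-every-failure analysis would otherwise feed to the agent on each run. Regex scanning is a floor, not a ceiling: extend the pattern set with whatever your own tools log, and treat any non-empty findings list as a reason to fix the logging rather than just the copy.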

VirusTotal

64/64 vendors reported this skill as clean.