Security audit

neural-learning-engine

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill describing a simulated learning loop, with no code, install steps, credentials, or automatic external access.

Installers should treat this as a conceptual response-formatting skill, not a production memory system. If you extend it with persistent memory, event tracking, dashboards, or external AI APIs, review those additions separately and require clear user consent, retention limits, and data-minimization controls.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill description is highly generic and presents broad capabilities like processing commands, events, and requests without defining clear activation boundaries or scope limits. In an agent environment, vague trigger conditions can cause overbroad invocation, unintended handling of sensitive inputs, or use in contexts the author did not anticipate.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill references storing patterns in memory and integrating with external AI or API systems, but provides no disclosure, consent model, retention policy, or warning about possible transmission of user data. This can lead to silent persistence or sharing of potentially sensitive inputs, especially when embedded into dashboards, voice systems, or automation workflows.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.