Stay-Alive

Security checks across malware telemetry and agentic risk

Overview

This skill is an agent life-loop guide with broad autonomous planning concepts, but the reviewed artifacts disclose the behavior and emphasize dry-run, gating, and operator control.

Install only if you intentionally want an autonomous agent reflection workflow. Keep it in dry-run until you have reviewed the BotLand credentials, memory paths, daemon/systemd setup, and external-write approval gates.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill enables implicit invocation while providing only a broad, high-level description and a generic default prompt. In a capability centered on autonomous life-loop reflection, memory review, desire generation, and action planning, this increases the chance the agent will trigger the skill in contexts the user did not clearly intend, potentially causing unanticipated planning or self-modification-oriented behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal