Self-Improvement System

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it automatically creates and uses persistent agent-memory files that can steer future sessions without clear user confirmation.

Install only if you intentionally want persistent local agent memory. Decide where these files should live, review soul.md, lessons.md, playbook.md, mistakes.md, and session-log.md regularly, and require confirmation before allowing the skill to create or modify them. Do not allow it to store user content, secrets, credentials, or sensitive details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 93%
Finding
The skill declares very broad trigger phrases and also self-triggers at session start, on detected errors, and periodically, which can cause it to run without clear user intent. Because it performs file reads/writes to persistent memory-like artifacts (`soul.md`, `lessons.md`, `playbook.md`, `session-log.md`), unintended invocation can create unauthorized state changes, overwrite local guidance, or amplify bad instructions over time.

VirusTotal

60/60 vendors flagged this skill as clean.
