Nm Abstract Metacognitive Self Mod

Security checks across malware telemetry and agentic risk

Overview

This appears to be a self-improvement tracing skill, but its trace collection and retention are under-explained for potentially sensitive workspace data.

Install only if you are comfortable with the skill recording operational traces. Before use, decide where traces are stored, how long they remain, who can read them, and whether secrets, personal data, prompts, credentials, and sensitive file paths are redacted or excluded.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The skill explicitly records execution traces, decision rationales, file targets, and retention details, but it does not include any user-facing privacy notice, consent mechanism, or guidance on avoiding sensitive data capture. In a self-improvement/meta-optimization context, these traces can easily contain proprietary code paths, filenames, prompts, or operational behavior, increasing the chance of unintended collection and retention of sensitive information.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal