Security audit

Self Improvement

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about saving agent learnings, but it can preserve sensitive conversation or error details and promote them into future agent instructions without strong redaction or review controls.

Install only if you intentionally want persistent agent learning notes. Keep the skill project-scoped where possible, avoid global hooks unless you review the scripts and paths, redact tokens, credentials, customer data, raw transcripts, and private prompts before logging, and manually review any changes to CLAUDE.md, AGENTS.md, SOUL.md, TOOLS.md, or Copilot instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium (79% confidence)

Finding
The skill is designed to activate on many common situations, which increases the chance of over-triggering and unnecessary persistence of conversational content. In a security context, broad activation is risky because it can cause excessive logging or promotion of transient user data without a narrowly scoped need.

Vague Triggers

Medium (91% confidence)

Finding
The listed trigger phrases such as routine corrections, feature wishes, and general dissatisfaction overlap heavily with normal conversation and lack safeguards against false activation. That makes the agent more likely to capture and persist user statements or context that were never meant to become durable memory.

Ssd 3

Medium (95% confidence)

Finding
The skill instructs the agent to log user corrections, requests, and detailed interaction context into persistent markdown files, creating a durable store of potentially sensitive user information. Because the skill also frames these learnings as reusable across time, accidental capture of secrets, personal data, or proprietary details can persist well beyond the original session.

Ssd 3

High (97% confidence)

Finding
Presenting transcript reading and inter-session message passing as a normal way to share learnings creates a direct natural-language channel for prior session contents to flow into other agents or sessions. This materially increases the blast radius of any sensitive data captured in one session, because it can be propagated and exposed outside its original context.

Ssd 3

High (98% confidence)

Finding
The templates explicitly request full context, inputs, parameters, error output, and user context, which are common locations for secrets, credentials, personal data, internal paths, and proprietary prompts. Persisting this material in markdown files substantially raises the risk of local disclosure, later prompt injection through retained content, and accidental inclusion in version control.

Ssd 3

Medium (94% confidence)

Finding
The instruction to promote conversation-derived learnings aggressively into persistent agent context files increases the chance that sensitive or context-specific user information becomes embedded in widely reused prompt material. Once promoted, the information may influence future sessions and be exposed to other agents or developers with access to those files.

VirusTotal

65/65 vendors flagged this skill as clean.