Back to skill

Security audit

Evolutionary Model

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only framework for file-backed agent memory, with privacy caveats but no hidden code, installer, credential use, or exfiltration behavior.

Install only if you want a file-backed agent memory framework. Decide where USER.md, MEMORY.md, daily logs, and chat logs will live, avoid storing secrets or sensitive personal data in plain text, set retention and deletion rules, and inspect any future skills or scripts added under the proposed skills directory before allowing them to run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The top-level `when_to_use` is broad enough to activate on many generic requests about AI agents, which can cause the skill to be invoked inappropriately and steer the agent into a persistent-memory workflow when the user did not explicitly ask for it. In this skill, that matters because the documented architecture includes durable memory, logging, and protocol changes, so accidental activation could expand data collection or alter agent behavior beyond the user's intent.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The example `when_to_use` format encourages authors to write vague triggers like 'Use when user asks for X, Y, or Z,' which promotes overbroad matching across future skills. Because this document is a framework for creating additional skills, that ambiguity can propagate widely and cause repeated unintended activation of capabilities, increasing the chance of inappropriate actions or data handling.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly recommends persistent storage of session state, daily logs, curated memory, and full chat logs, but it does not include privacy, minimization, consent, retention, or access-control guidance. In context, this is more dangerous because the skill's core value proposition is long-term accumulation of user-specific and institutional knowledge, which raises the likelihood of storing sensitive personal, business, or credential-adjacent information over time.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.