Daily Reflection

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed nightly reflection skill that writes agent memory files, with no scripts, install hooks, network access, or credential use found.

Install this only if you want an agent to maintain persistent reflection memory. Run it in the intended isolated cron context, review the generated memory files periodically, and do not allow credentials, raw private chats, transcripts, or production data to be stored there.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill directs the agent to overwrite and append multiple persistent memory files, including briefing and daily memory artifacts, without requiring explicit user confirmation or a clear notice that stored data will be modified. In an automated cron context this creates integrity and privacy risk, because the skill can silently alter long-term memory, archive potentially sensitive summaries, and replace prior content such as `memory/morning-briefing.md`.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal