Back to skill

Security audit

Dreaming

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed quiet-hours creative writing helper that stores local notes and state, with no evidence of hidden network access, credential use, or destructive behavior.

Install this only if you want your agent to create local creative notes during quiet hours. Review the heartbeat snippet before enabling it, keep the state/config files trusted, and periodically review or delete memory/dreams if retained speculative content could expose sensitive project context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill description and usage guidance are broad enough that an agent could invoke 'dreaming' during many low-activity periods without a tightly scoped trigger or explicit human approval boundary. Because the skill encourages freeform output generation rather than task-bounded work, ambiguous activation increases the chance of unnecessary autonomous behavior and unintended file creation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly directs the agent to persist written reflections in memory/dreams files for later human review, but it does not warn that generated content may include sensitive operational context, inferred user data, or internal reasoning-like artifacts. In context, a 'dream journal' written during unattended periods is more dangerous because it normalizes storing potentially sensitive or unnecessary content outside the immediate task flow.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.