Back to skill

Security audit

AI Agent Self-Improving Stack

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a documentation-style bundle for self-improvement tools, with no hidden execution, credential access, network calls, or destructive behavior found in the packaged artifacts.

Install only if you want an agent workflow that may keep local memory and adapt over time. Before enabling it on sensitive work, review the referenced component skills individually and confirm what they store, where they store it, and how to disable or clear the memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
99% confidence
Finding
This is a clear mismatch because the description promises installation of five agent-improvement tools and ongoing learning/memory/self-improvement behavior, but the provided code does none of that. Instead, it only runs simple validation tests on local documentation and metadata files. The code's primary purpose materially differs from the declared purpose, and there is no implementation of reflection, proactivity, learning, memory, or skill extraction.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The example invocations "Start using self-improving" and "Show me what you learned today" are natural everyday phrases rather than narrowly scoped trigger phrases. The file does not provide exclusion conditions or clarify when these phrases should or should not activate the skill, increasing the risk of unintended invocation.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The markdown states that the agent will "store everything it learns" and improve with every interaction, but it does not prominently warn users about the privacy and data-retention implications of persistent storage and behavioral adaptation. A brief note at L66 that data stays local is helpful but does not clearly disclose retention, scope of stored content, or user impact in the main behavior description.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.