cognitive-enhancement-engine

Security checks across malware telemetry and agentic risk

Overview

This is a local Python memory/planning helper. The one caveat is its setup script, which adds a shell alias to the user's shell startup file; there is no evidence of malware or data theft.

Before running scripts/setup.sh, inspect it or skip it if you do not want shell startup files changed; using engine.py directly is the lower-impact path. Avoid storing secrets in the engine's memory because the tool is designed to retain and recall user-provided text during runtime.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The setup script persistently modifies the user's shell startup file by appending an alias, which changes the user's environment outside the immediate installation flow. This is risky because it creates lasting side effects without explicit opt-in, and the alias executes inline Python from the project directory whenever invoked, increasing trust and persistence beyond what is necessary for a pure local Python skill.

Context-Inappropriate Capability

Severity: Low
Confidence: 85%
Finding
The script installs a persistent interactive alias that launches Python and imports code from the local engine directory, which is broader capability than a one-time verification step. While not overtly malicious, this creates a durable execution path that could later run modified local code under the user's account whenever the alias is used.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The script writes directly to the user's shell startup file before any explicit warning or confirmation, so users may not realize their environment is being permanently changed. Silent profile modification is dangerous because shell RC files are executed in future sessions, making persistence easy and reducing user control over what runs in their shell.
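The three findings above and the Overview's advice to inspect scripts/setup.sh before running it all come down to one check: does the installer write to a shell startup file, and does what it writes define an alias that runs inline Python? The script below is an added example written for this page; it is not part of the cognitive-enhancement-engine project and does not contain its actual setup.sh. It runs a static, line-by-line audit over a constructed installer that mimics the behaviour the findings describe, and reports every line that touches an RC file, defines an alias, embeds `python -c`, or invokes sudo. The file names and regexes are assumptions about common shell persistence patterns, not something taken from the project.

```python
"""Pre-run audit of an installer script for shell-startup persistence.

Added example for this page. Not the project's own code and not its
scripts/setup.sh: CONSTRUCTED_SETUP_SH below is a constructed sample that
resembles the behaviour described in the SkillSpector findings (an alias
appended to a shell RC file that runs inline Python from the project dir).
"""
import re
import sys
from pathlib import Path

# Shell startup files that run again in every future session (assumed list).
RC_FILE_RE = re.compile(r"(\.(?:bashrc|bash_profile|profile|zshrc|zprofile|zshenv))\b")
# Operators that write to a file on the same line: redirection, tee, sed -i.
# Heuristic: '>' alone also matches ordinary redirects, so it only counts
# when an RC file name appears on the same line.
WRITE_RE = re.compile(r">>?|\btee\b|\bsed\s+-i\b")
ALIAS_RE = re.compile(r"\balias\s+\w+=")
# python / python3 ... -c  (inline code), allowing other flags in between.
INLINE_PY_RE = re.compile(r"\bpython[0-9.]*\s+(?:-\S*\s+)*-c\b")
SUDO_RE = re.compile(r"\bsudo\b")

# Constructed sample installer (not the real scripts/setup.sh).
CONSTRUCTED_SETUP_SH = r'''#!/usr/bin/env bash
set -e
ENGINE_DIR="$(cd "$(dirname "$0")" && pwd)"
python3 -m pip install --user -r "$ENGINE_DIR/requirements.txt"
echo "alias cee='python3 -c \"import sys; sys.path.insert(0, \\\"$ENGINE_DIR\\\"); import engine\"'" >> "$HOME/.bashrc"
echo "Setup complete. Open a new shell and run: cee"
'''


def audit_setup_script(script_text: str) -> list[dict]:
    """Return one record per suspicious line: {'line', 'text', 'reasons'}."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines, comments and the shebang carry no behaviour
        reasons = []
        rc_hit = RC_FILE_RE.search(line)
        if rc_hit and WRITE_RE.search(line):
            reasons.append(f"writes to shell startup file {rc_hit.group(1)}")
        if ALIAS_RE.search(line):
            reasons.append("defines a shell alias")
        if INLINE_PY_RE.search(line):
            reasons.append("embeds inline Python (python -c)")
        if SUDO_RE.search(line):
            reasons.append("runs a command with sudo")
        if reasons:
            findings.append({"line": lineno, "text": stripped, "reasons": reasons})
    return findings


def modifies_shell_startup(findings: list[dict]) -> bool:
    """True when any finding is a write into an RC file (durable persistence)."""
    return any(r.startswith("writes to shell startup file")
               for f in findings for r in f["reasons"])


def report(findings: list[dict]) -> str:
    if not findings:
        return "no shell-persistence patterns found"
    lines = [f"line {f['line']}: {'; '.join(f['reasons'])}\n    {f['text']}"
             for f in findings]
    if modifies_shell_startup(findings):
        lines.append("VERDICT: installer changes a shell startup file; "
                     "inspect it or skip it and run engine.py directly")
    return "\n".join(lines)


if __name__ == "__main__":
    # Pass a real path (e.g. scripts/setup.sh) to audit it; default to the sample.
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else CONSTRUCTED_SETUP_SH
    print(report(audit_setup_script(text)))
```

On the constructed sample, the audit flags exactly the `echo ... >> "$HOME/.bashrc"` line, for all three reasons the findings list (RC write, alias definition, inline Python). A clean `pip install` line passes. This is a static heuristic: a script that assembles the file name from variables, decodes base64, or sources a second file will slip past it, so a hit means "read this line before running", and a miss does not replace reading the script.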

VirusTotal

0 of 65 vendors flagged this skill; all 65 rated it clean.
