Dual Thinking

Security checks across malware telemetry and agentic risk

Overview

This skill is broad and powerful for skill review workflows, but its file inspection, external consultation, patching, and validation behavior are disclosed and aligned with that purpose.

Install only if you are comfortable with a workflow skill that may read local skill/runtime files, paste artifact text to external model consultants when allowed, and apply real patches during review. Use local-only or findings-only constraints for private code or when you want review without mutation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill description advertises a review/escalation method, but the body authorizes additional repository inspection, packaging enforcement, and validation behavior that materially expands what the skill may do. This kind of scope mismatch is dangerous because users and higher-level policy may grant trust based on the short description while the actual prompt drives broader filesystem and release-gating actions than expected.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The self-evolution lens activates on broad conditions such as reviewing a skill in the same domain or requests for stronger review, which can unexpectedly switch the skill into aggressive self-modification and broader inspection behavior. In context, that means ordinary review requests may be escalated into invasive rewrite or self-hardening flows the user did not clearly request.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The skill requires internet-assisted review and live external evidence whenever available, without first requiring explicit user approval for network use. That can violate privacy, leak artifact content to external services, and override local-only expectations, especially because the skill handles source artifacts and review material that may be sensitive.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger conditions are broad enough to activate on generic requests for self-improvement, hardening, or making a skill more powerful, which can expand the skill's scope into self-modification and optimization without a narrowly bounded user intent. In a skill whose purpose includes orchestration and self-review, this increases the chance of unsafe escalation into rewriting or strengthening the agent's own behavior beyond the original task.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The file contains a generic continuation signal paired with an automatic next action to forward a patched package to another orchestrator, which can trigger workflow progression without strong gating or explicit re-authorization. In a multi-orchestrator skill-hardening context, this increases the chance of unintended activation, duplicate execution, or propagation of state based on stale or attacker-influenced round metadata.

Self-Modification

High
Category
Rogue Agent
Content
- the artifact under review is `dual-thinking`
- the user asks `dual-thinking` to improve itself
- the artifact is a skill in the same native domain as `dual-thinking`
- the user asks for stronger self-review, meta-review, self-hardening, or self-rewrite
- the user asks how to make the skill more powerful for the purpose it was created for

When active:
Confidence
95% confidence
Finding
self-rewrite

Self-Modification

High
Category
Rogue Agent
Content
- the artifact under review is `dual-thinking`
- the user asks `dual-thinking` to improve itself
- the artifact is a skill in the same native domain as `dual-thinking`
- the user asks for stronger self-review, meta-review, self-hardening, or self-rewrite
- the user asks how to make the skill more powerful for the purpose it was created for

Precedence: early-exit conditions in `When not to use dual-thinking` suppress the lens for trivial work.
Confidence
96% confidence
Finding
self-rewrite

VirusTotal

63/63 vendors flagged this skill as clean.
