Learning Loop

Security checks across malware telemetry and agentic risk

Overview

This skill openly creates a local learning journal and memory workspace, with no executable code, dependencies, or network access.

Install this only if you want the agent to keep persistent local notes about work, decisions, corrections, and lessons. Review the brain/ and memory/ files periodically, confirm how reflection is triggered in your agent runtime, and avoid using it around credentials, financial data, medical information, or sensitive personal details.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The invocation language is broad enough that the skill could activate during ordinary setup, learning, or self-improvement conversations, causing the agent to start creating persistent files and behavioral records without a narrowly scoped user request. In a memory/persistence skill, over-broad triggering increases the chance of unintended data retention and surprise side effects even if the author’s intent is productivity rather than abuse.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The phrase indicating the agent gets smarter "every day — without being told to" suggests autonomous execution without an explicit per-action request. That is risky because the skill performs persistent journaling, reflection, and lesson extraction, so ambiguous autonomy can lead to unsanctioned writes, retention of user data, and behavior changes outside the user’s expectations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal