Self Improving Agent 1.0.5

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed self-improvement logger, but it persists and promotes session details into future agent context with weak scoping and privacy controls.

Install only if you want persistent agent learning notes. Keep hooks project-scoped, avoid global always-on activation unless you accept the overhead and scope, redact secrets and private command output before logging, and require human review before promoting anything into AGENTS.md, SOUL.md, TOOLS.md, CLAUDE.md, MEMORY.md, or Copilot instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Vague Triggers (Medium, 82% confidence)

Finding: The trigger phrases are common conversational language, so the skill may activate in many routine interactions that are not actually corrections, failures, or learning-worthy events. Over-broad activation increases unnecessary logging and may capture more user content than intended, especially when combined with persistent storage.

Vague Triggers (Medium, 95% confidence)

Finding: Using an empty hook matcher causes the reminder hook to run for every submitted prompt, regardless of whether the user encountered an error or correction scenario. This creates excessive scope, increases prompt-surface influence, and can lead to pervasive capture or nudging behavior beyond the stated need-based purpose.

Missing User Warnings (Medium, 93% confidence)

Finding: The logging templates encourage storing full context, errors, inputs, environment details, and related files, which can easily include secrets, personal data, tokens, internal paths, or proprietary information. Because this data is persisted to markdown files, accidental retention and later disclosure become materially more likely.

Missing User Warnings (Medium, 90% confidence)

Finding: The documented inter-session sharing features enable transmission of learnings across sessions without any warning about confidentiality, data minimization, or consent. In environments handling sensitive code or user data, this can expand the blast radius of inadvertent disclosure beyond a single session.

Vague Triggers (Medium, 90% confidence)

Finding: The empty matcher config causes the hook to run on every prompt, greatly expanding the trigger surface for an automatically executed shell command. In this skill context, that increases risk because the guide normalizes broad command-hook activation without meaningful scoping, making accidental overcollection, prompt-context injection, or unnecessary command execution more likely.

Vague Triggers (Medium, 87% confidence)

Finding: The user-level configuration recommends global activation in ~/.claude/settings.json, which persists across projects and contexts without scope constraints. That broadens exposure beyond the intended skill context and can cause command hooks to run in sensitive or unrelated environments, increasing the blast radius of any script issue or misuse.

Vague Triggers (Medium, 88% confidence)

Finding: The Codex example also uses an empty matcher, creating the same always-on behavior for a command hook in another agent environment. Repeating the unsafe default across tools makes misuse more likely and encourages operators to deploy broad hook execution without considering scope or sensitivity.

Missing User Warnings (Medium, 93% confidence)

Finding: The guide instructs users to configure automatic command hooks before prominently warning that these hooks execute shell commands with the agent's permissions. In a security-sensitive setup guide, burying the execution-scope warning can mislead users into enabling privileged automation without understanding the trust and supply-chain implications of the referenced scripts.

Missing User Warnings (Medium, 92% confidence)

Finding: The document instructs users to log learnings into persistent workspace files such as TOOLS.md, SOUL.md, and AGENTS.md, but it does not warn against storing secrets, user data, tokens, prompts, or other sensitive session content. In an agent system where workspace files are reinjected into future sessions, this creates a durable prompt/data retention channel that can unintentionally persist and later expose sensitive information.

VirusTotal

64/64 vendors flagged this skill as clean.