Security audit

Self-improvement-loop-v3

Security checks across malware telemetry and agentic risk

Overview

This is a local self-improvement pipeline that writes audit and state files, with disclosed auto-revision behavior but no hidden network, credential, installer, or destructive activity found.

Install only if you want a local pipeline that creates and updates project state across runs. Use a dedicated output directory, review revision_rationale.md and revised_specification.json before accepting changed targets, and run with --no-auto-revise or --no-transfer when you need stricter human control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Intent-Code Divergence (Medium, 78% confidence)

Finding: The implementation applies `best_actual * 0.95` universally, which is only directionally correct for higher-is-better metrics: there it relaxes the target, but for lower-is-better metrics it can make the target stricter than the best observed value, even though the comments imply an easier target. In a skill explicitly designed for autonomous re-specification, this flawed logic can silently distort acceptance criteria and undermine process integrity without human review.

Vague Triggers (Medium, 85% confidence)

Finding: The skill explicitly recommends use for broadly defined goals and positions itself as a one-command end-to-end pipeline. In an agent environment, this increases the chance of over-triggering autonomous execution, file writes, and iterative behavior for requests that did not warrant such broad authority, potentially causing unintended actions or excessive autonomy.

Vague Triggers (Medium, 86% confidence)

Finding: The 'Any Goal, Any Input' quickstart framing implies near-universal applicability without operational boundaries. In a skill-routing context, such wording can cause the orchestrator to be selected for arbitrary tasks, expanding access to automation and persistent state beyond what the user likely intended.

Missing User Warnings (Medium, 92% confidence)

Finding: The outputs section describes creation and updating of multiple state, log, chain, and report files, but the skill does not prominently warn users that invocation will autonomously persist and mutate artifacts across cycles. In agent settings, silent persistent writes can leak sensitive task context, create audit artifacts unexpectedly, or clutter or overwrite working directories.

Missing User Warnings (Medium, 94% confidence)

Finding: The skill advertises autonomous re-specification and continuation without human intervention, but does not pair that with a prominent safety warning or approval gate. This is dangerous because the system can silently alter success criteria and continue acting under changed goals, undermining user intent, governance, and trust in the resulting outputs.

Missing User Warnings (Medium, 88% confidence)

Finding: The skill explicitly enables autonomous modification of specifications and continuation of the pipeline without human intervention. In this context, silent self-redefinition of success criteria is dangerous because it can mask failures, bypass governance, and erode trust in evaluation results, especially when paired with flawed revision logic.

VirusTotal

67/67 vendors flagged this skill as clean.