Self Improving Enhancement

Security checks across malware telemetry and agentic risk

Overview

This is a local memory helper, but it needs review because it persistently logs all chat text and image metadata and limits cleanup of recent logs.

Install only if you intentionally want local, persistent chat logging. Review ~/self-improving and ~/self-improving/chat-logs regularly, avoid logging secrets or sensitive personal data, and confirm you are comfortable with recent logs being protected from the built-in cleanup command for 30 days.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (15)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The security boundaries claim excludes health data, yet the multi-skill sync section explicitly mentions syncing with a health-related skill and remembering health habits. Contradictory privacy claims create a real risk that sensitive health-adjacent information will be stored or propagated under weaker controls than users were promised.

Intent-Code Divergence

Medium
Confidence: 89%
Finding
The skill says there is no cross-user memory sharing, but the team-collaboration use case describes shared/common preferences across multiple people using the same assistant. That inconsistency can lead to personal preferences or behavioral data bleeding across users, violating privacy expectations and potentially exposing one user's data to another.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README advertises cross-skill knowledge sharing, automated compaction, pattern recognition, and scheduled reviews, but does not warn that these features may aggregate data across contexts or modify stored memory automatically. In a memory-oriented skill, that omission matters because users may unknowingly enable broader data propagation or silent alteration of retained information, increasing privacy and integrity risk.

Missing User Warnings

Medium
Confidence: 92%
Finding
The installation and usage instructions direct the user to initialize and operate a memory system that stores persistent data under the home directory, but the README does not clearly disclose that local files and ongoing state will be created and maintained. This can lead to unexpected persistence of sensitive conversation-derived data and surprise modification of user files.

Missing User Warnings

High
Confidence: 97%
Finding
The skill prominently advertises full logging of all chat text and images, but it does not provide an upfront privacy warning, consent flow, or clear notice about retention and exposure. Collecting comprehensive conversational content without explicit informed consent creates significant privacy and compliance risk.

Missing User Warnings

High
Confidence: 96%
Finding
The quick-start path instructs users to initialize a memory system that includes full chat logging without first surfacing the retention and privacy consequences. Users may enable persistent logging during setup before understanding that all text and image references will be stored locally.

Missing User Warnings

Medium
Confidence: 83%
Finding
The documentation includes an auto-confirm cleanup mode that bypasses prompts, but it does not strongly warn about deletion consequences or recovery limits. In a system designed for persistent memory and logs, unattended deletion can destroy audit history or user data unexpectedly.

Missing User Warnings

Medium
Confidence: 95%
Finding
The tool writes full chat content to persistent storage by default with no explicit consent, notice, or sensitivity controls. In a chat-assistant skill, conversations often contain credentials, personal data, proprietary information, or security-relevant context, so silent retention materially increases privacy and breach risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
Image logging persists sensitive metadata including file paths, free-form descriptions, context strings, and hashes without a clear user warning. File paths and contextual notes can expose usernames, project names, case identifiers, internal directory layouts, or other sensitive operational details even when the image bytes are not stored.

Ssd 3

High
Confidence: 98%
Finding
Retaining all chat content, including text and image descriptions, creates a broad natural-language data store that will likely contain personal, confidential, or sensitive information. The ability to persist and later retrieve that corpus increases both breach impact and insider exposure risk.

Ssd 3

High
Confidence: 97%
Finding
The usage examples explicitly show commands for recording all chat content and later viewing stored logs, which operationalizes broad collection and easy exposure of user data. In a memory skill, this makes privacy harm more acute because the system is specifically designed to accumulate conversational history over time.

Ssd 3

Medium
Confidence: 91%
Finding
Cross-skill memory sharing spreads remembered habits and preferences beyond the context in which they were originally provided. That increases the chance of unauthorized secondary use, context collapse, and disclosure of personal data to components or workflows the user did not intend to inform.

Ssd 3

Medium
Confidence: 97%
Finding
The script is explicitly designed to retain all chat content and image-related context to prevent loss across restarts. In an agent-skill setting, comprehensive retention of natural-language interactions creates a broad confidentiality hazard because sensitive information may be captured indefinitely in plain files and later exposed through local compromise, backup leakage, or unintended sharing.

Ssd 3

Medium
Confidence: 98%
Finding
The logger stores full conversation content and arbitrary metadata verbatim in JSONL files, which can easily include secrets, personal data, or confidential business information. Because this is the core function of the skill, the context makes the risk more serious: the component is purpose-built for durable capture rather than incidental logging.

Ssd 3

Medium
Confidence: 97%
Finding
Persisting image paths, descriptions, and context can leak sensitive user information even without storing the actual image. In many environments, pathnames and descriptions alone reveal identities, locations, internal projects, or case details, making this a real data-exposure risk tied directly to the skill's logging purpose.

VirusTotal

VirusTotal findings are pending for this skill version.
