Back to skill

Security audit

Self Improving Agent 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it tells an agent to automatically persist user and error context and sometimes write durable agent memory without enough review or redaction controls.

Install only if you are comfortable with an agent writing persistent learning logs in the project. In shared, proprietary, or version-controlled repositories, require confirmation before logging conversation-derived content, redact secrets and personal or confidential data, and manually review any proposed changes to `CLAUDE.md` or `AGENTS.md`.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The description says to use the skill whenever a command fails unexpectedly, an external API or tool fails, outdated knowledge is noticed, or before major tasks. Several of these conditions are broad and common across many interactions, and the file does not provide exclusion conditions or clear boundaries for when not to invoke the skill.

Vague Triggers

Medium
Confidence
95% confidence
Finding
Examples like "Actually, it should be...", "Can you also...", and "Is there a way to..." overlap heavily with ordinary conversation and can match many requests unrelated to logging learnings. Without scope constraints or negative examples, these phrases could trigger the skill too often.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The markdown description states that the skill logs learnings and errors to markdown files, which affects repository contents and may capture user feedback, command details, error output, and environment details. The document provides no user-facing warning about file modification, persistence, or the need to avoid logging secrets or sensitive data.

Ssd 3

Medium
Confidence
79% confidence
Finding
The skill directs the agent to 'automatically log' corrections, feature requests, knowledge gaps, errors, user context, inputs/parameters, and full details into markdown files, and later promote broadly applicable items to shared memory files. In natural-language terms, this creates a standing instruction to retain and potentially redistribute user-provided or sensitive operational data without any minimization, redaction, or consent guardrails.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.