Back to skill

Security audit

Inner Life Dream

Security checks across malware telemetry and agentic risk

Overview

This skill is a local creative-reflection tool that writes agent memory as disclosed, with no evidence of hidden network access, credential use, or destructive behavior.

Install this only if you want the agent to keep local dream-style reflections and update its inner-life memory. If you enable cron or heartbeat execution, keep limits conservative and periodically review memory/dreams, memory/inner-state.json, memory/drive.json, and any daily-note dream markers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs the agent to modify persistent memory and state files such as `drive.json`, `inner-state.json`, dream logs, and daily notes, but it does not require explicit user consent, preview, or confirmation before making those changes. In an agent setting, silent writes to long-lived memory can alter future behavior, create misleading state, and persist unwanted or fabricated content beyond the current task.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.