Auto Improve

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not malware, but it tells an agent to autonomously change its own memory and operating instructions without clear user approval or limits.

Install only in a controlled maintenance workflow. Treat it as proposal-only by default, review diffs before any write, and restrict it to a small allowlist of files with backups and a clear rollback path.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

High

Confidence: 97% confidence
Finding: The activation condition is extremely broad: 'Use when the agent should get smarter without being prompted' can apply in many ordinary interactions and invites autonomous execution without explicit user consent. In this skill's context, that is especially dangerous because the loop is designed to read memory and modify skills, protocols, and instruction files, creating a path for self-directed policy drift or persistence of unsafe changes.

Missing User Warnings

High

Confidence: 99% confidence
Finding: The skill explicitly states it will 'update skills/protocols automatically' and lists high-sensitivity targets such as SOUL.md, AGENTS.md, memory facts, and reminder/ticket files, but the description does not clearly warn users that autonomous file modification may occur. This lack of disclosure increases the chance of silent, unauthorized, or unexpected changes to agent behavior and persistent state, making the skill materially more dangerous in context.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal