Back to skill

Security audit

Abby Autonomy

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local task-queue helper for proactive work, with expected persistence but no evidence of exfiltration, credential use, destructive actions, or hidden installation behavior.

Install this only if you want Abby to proactively work from a local queue. Keep tasks/QUEUE.md writable only by trusted users, avoid putting secrets in task names or state, review the queue before enabling cron or heartbeat automation, and require manual approval for tasks that could affect accounts, finances, external services, or important files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The top-level helper `take_task()` mutates the in-memory queue by moving a task from `ready` to `in_progress` but never calls `write_queue()` to persist that state. In a task orchestration or agent setting, this can cause the same task to be repeatedly handed out, leading to duplicate execution, inconsistent workflow state, and possible repeated side effects if tasks trigger external actions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly describes autonomous downloading, task execution, and updating queue/state files, but it does not require user confirmation, scope limits, or clear disclosure that files and data may be modified. In an agent context, this can lead to unintended file writes, network activity, or persistent state changes being performed automatically during heartbeat-driven execution.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.