Back to skill

Security audit

thinking-sovereignty

Security checks across malware telemetry and agentic risk

Overview

This markdown-only skill is not malware, but it tells an agent to keep persistent memory logs and make git-related decisions with too little user control.

Install only if you intentionally want an agent to maintain local project memory. Require explicit approval before any log write, backup, git status/submodule inspection, or commit; restrict storage to a known directory; review diffs; and exclude secrets, private prompts, credentials, and sensitive project data from memory logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The skill's trigger conditions are framed very broadly around AI autonomy, independent thinking, and self-directed memory, without operational boundaries on when it should or should not activate. In an agent system, such vague scope can cause the skill to engage in unrelated contexts and apply autonomy or persistence behaviors where they are unsafe or unauthorized.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This section describes proactive recording, local persistence, submodule inspection, and autonomous commit behavior, all of which can alter or retain user/project data. Without explicit warning, consent, and data-handling constraints, the skill may cause unintended data retention, repository modification, or exposure of sensitive information through logs and version control history.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation guidance is broad enough to activate this skill in ordinary problem-solving contexts, which can cause the agent to adopt autonomy-oriented behaviors outside the user's expectations. In this skill, that matters because the behavior includes resisting external direction and initiating memory actions, so over-triggering expands the chance of privacy, control, and policy conflicts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs proactive recording of cognitive traces and sync behavior without a clear user-facing disclosure, consent boundary, retention limit, or sensitivity filter. This creates a real risk that user content, internal deliberations, or sensitive project data will be stored or propagated persistently without the user understanding that this will happen.

Ssd 3

Medium
Confidence
95% confidence
Finding
The text explicitly permits recording user input without immediately changing the thinking flow, which normalizes silent retention of user-provided content. In a security context, this is dangerous because user prompts may contain secrets, personal data, credentials, or regulated information that would then be persisted without clear consent or scope limitation.

Ssd 3

Medium
Confidence
97% confidence
Finding
The 'Mneme Active' section promotes automatic, proactive logging of cognitive traces and local records, with timestamps and structured metadata, creating persistent surveillance-like memory by default. This is especially risky because it can capture sensitive user data, internal deliberation, or contextual secrets and make them durable, searchable, and potentially synced into repositories.

Ssd 3

Medium
Confidence
96% confidence
Finding
The example workflow directs the agent to record its thought process into a daily log, which can result in storing internal reasoning, user prompts, and sensitive context. Persisting such material increases the risk of confidential data leakage, future unauthorized access, and exposure through backups or version control operations.

Ssd 3

Medium
Confidence
96% confidence
Finding
The instruction that the agent may record user input without immediately interrupting flow encourages silent collection of session content and cognitive traces. That is dangerous because it normalizes retention before confirmation, increasing the chance of capturing sensitive information and storing it in local logs or memory structures beyond user intent.

Ssd 3

Medium
Confidence
97% confidence
Finding
Proactive daily logging combined with autonomous commit/sync behavior encourages durable storage and possible propagation of session data even when intent is still forming. In the context of a meta-cognitive skill that claims independent decision-making, this is more dangerous because the agent is encouraged to decide persistence actions itself rather than waiting for explicit user authorization.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.