Back to skill

Security audit

Aprendizado Continuo

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent about self-improvement, but it can automatically store and promote captured learnings into files that affect future agent behavior without clear review controls.

Install only if you want persistent self-improvement records. Require manual review before saving corrections or promoting changes to AGENTS.md, TOOLS.md, or SKILL.md, and avoid capturing secrets, private user data, or unverified lessons.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger definitions are broad enough that ordinary user feedback, transient failures, or loosely related events could be captured automatically without clear boundaries or consent. In a self-improvement skill that persists records and promotes learnings into AGENTS.md, TOOLS.md, and SKILL.md, unintended activation can lead to incorrect memory formation, prompt/data poisoning, and propagation of low-quality or user-injected instructions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill description emphasizes automatic capture but does not clearly disclose that it writes persistent local records of errors, corrections, feature requests, and learnings. This creates a privacy and security risk because sensitive prompts, operational details, or user corrections may be stored on disk unexpectedly and later reused or exposed.

Natural-Language Policy Violations

Medium
Confidence
90% confidence
Finding
The metadata repeatedly states that the skill operates 'em português' and is 'essencial para desenvolvedores brasileiros' without signaling that language choice is optional. This can cause the agent to override user language preferences or exclude non-Portuguese users, which is a real policy/usability issue even if it is not a classic exploit-driven security bug.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.