Back to skill

Security audit

Recursive Self Improvement

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about recursive code repair and optimization, but it gives broad autonomous change authority without clear user approval, scope, rollback, or stopping limits.

Install only if you intentionally want an agent to help repair or optimize a clearly scoped project. Use a sandbox or dedicated branch, require explicit approval before edits and repeated cycles, cap concurrency and recursion, and keep version-control rollback available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly describes autonomous code or logic changes, refactoring, testing, and version progression, but it does not warn that using it may modify user code or project state. In a self-improvement skill, that omission is dangerous because an agent may apply recursive changes without clear user confirmation, increasing the risk of unintended destructive edits, cascading regressions, or repository-wide changes.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The skill advertises concurrent automated execution and dynamic scheduling but does not warn about overlapping edits, race conditions, or system integrity risks. In the context of recursive self-improvement, concurrency makes the behavior more dangerous because multiple automated tasks may simultaneously alter code, tests, or state in inconsistent ways.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.