Personalised Local Wiki

Security checks across malware telemetry and agentic risk

Overview

This skill manages a local Markdown personal wiki as advertised, but users should understand it encourages proactive local reads and writes.

Install this only if you want an agent to use a local wiki as memory. Point PERSONAL_WIKI_ROOT at a dedicated folder, review proposed edits before committing, avoid storing secrets or sensitive third-party information, and do not bind the wiki server to 0.0.0.0 unless you intentionally want network access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The proactive triggers are broad enough that the agent may consult or update the personal wiki during ordinary conversation without a clear user request. In a skill that stores local notes about projects, people, decisions, and research, this can cause over-collection of sensitive context and unnecessary file access, increasing privacy and safety risk even if no external exfiltration is described.

Vague Triggers

Low
Confidence: 80%
Finding
The maintenance trigger 'When learning something worth remembering' is subjective and underspecified, which can lead the agent to persist conversational details without a clear threshold or consent boundary. Because this skill is positioned as a long-term personal memory store, ambiguous write criteria can result in accidental retention of sensitive, irrelevant, or incorrect information.

VirusTotal

60/60 vendors flagged this skill as clean.
