Acp Loop

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward scheduler for recurring AI prompts, with the main risk being that scheduled prompts can keep running if users do not set limits.

Before installing, verify the npm package source and only schedule prompts you would be comfortable running repeatedly. Prefer --max, --timeout, or --until for nontrivial jobs, and avoid unattended prompts that can delete data, deploy changes, spend money, or post publicly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
This skill enables unattended, repeated execution of agent prompts over time, but the documentation does not prominently warn users about the persistence and potential cumulative effects of scheduled actions. In practice, recurring autonomous execution can amplify mistakes, repeatedly perform sensitive operations, or continue after the user forgets about the schedule, increasing operational and security risk.

VirusTotal

62/62 vendors flagged this skill as clean.
