Proactive Agent Skill 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This skill appears legitimate, but it needs review because it encourages broad persistent logging and scheduled automation that could retain private data without enough controls.

Install only if you want an agent that keeps durable local memory and may run scheduled background routines. Before use, decide exactly which conversations, files, and integrations may be logged or checked; exclude secrets, credentials, regulated data, and private messages by default; require approval for mutating cron tasks; and periodically review or delete the memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 87%
Finding:
The invocation guidance is very broad and encourages activation for vague goals like making an agent 'more proactive' or 'build self-improving agents' without explicit scoping, approval, or safety boundaries. In an agent framework, overly broad triggers can cause the skill to be selected in contexts involving persistence, automation, or external checks when the user did not clearly consent to those behaviors.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The architecture explicitly promotes persistent logging of session state and working buffers, alongside heartbeat checks of external sources like email, calendar, weather, and system status, but it provides no consent, minimization, or disclosure requirements. This creates a real privacy and data-governance risk because sensitive user content and external account data may be collected, retained, and revisited automatically.

Ssd 3

Medium
Confidence: 96%
Finding:
The skill directs the agent to capture every exchange in a 'danger zone' log and maintain multiple persistent memory stores. Comprehensive retention of interaction content increases the chance that secrets, personal data, credentials, or confidential business information are stored long-term and exposed through later retrieval, compromise, or unintended reuse.

Ssd 3

Medium
Confidence: 95%
Finding:
The WAL workflow instructs the agent to log critical exchanges, compact them, and promote important details into long-term memory. Without strict filtering and consent, this creates a durable pipeline for propagating sensitive conversational content into persistent knowledge stores, increasing privacy risk and the blast radius of any later compromise or misuse.

Ssd 3

High
Confidence: 99%
Finding:
Telling the agent to 'log everything' is an unsafe instruction because it overrides data minimization and effectively guarantees collection of sensitive material whenever it appears in the session. In the context of an agent skill focused on persistence and recovery, this is especially dangerous because the logged data is intended to survive restarts and feed future behavior.

VirusTotal

65/65 vendors flagged this skill as clean.
