Security audit

Kcc Office Ai Agents

Security checks across malware telemetry and agentic risk

Overview

This is an autonomous multi-agent office skill that is not malicious, but it gives broad proactive memory, account-checking, and repository-change authority without enough user controls.

Install only in an isolated workspace first. Do not enable heartbeats, cron-style automation, email/calendar/social access, API keys, or git push permissions until you define exactly what the agents may read, write, remember, share, and publish. Require explicit approval for commits, pushes, external messages, credentialed services, and any memory or instruction-file changes that will persist across sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Missing User Warnings

Medium
Confidence: 88%
Finding: The README explicitly promotes autonomous, proactive operation, collaborative decision-making, and context persistence without any accompanying safety boundaries, approval requirements, or warning that agent actions may affect data or system state. In an agent skill, this framing can normalize unattended execution and increase the chance that downstream users or integrators deploy it with excessive trust and insufficient guardrails.

Missing User Warnings

Medium
Confidence: 91%
Finding: The skill explicitly promotes persistent memory, semantic search over past interactions, working-buffer capture, compaction recovery, and proactive monitoring/check-ins, but provides no user-facing warning, consent flow, retention limits, or data handling boundaries. In an autonomous multi-agent office setting, this increases the risk of collecting, retaining, and resurfacing sensitive user or organizational data without informed consent or minimization.

Vague Triggers

Medium
Confidence: 87%
Finding: The phrase 'When you receive a heartbeat poll' does not define who may issue the poll, how often it should run, or what scope of actions is authorized during that trigger. In an autonomous multi-agent system with persistent context and self-improvement capabilities, ambiguous activation conditions can cause the agent to perform broad monitoring and follow-on actions at unintended times, increasing the chance of unauthorized or excessive behavior.

Missing User Warnings

Medium
Confidence: 95%
Finding: The instruction to 'Commit and push your own technical changes if needed' authorizes repository-modifying actions without requiring user confirmation, policy checks, branch restrictions, or change review. In this skill's context (an autonomous office-agent collaboration system) this is especially risky because a routine heartbeat could directly mutate code or configuration and propagate changes to a remote repository without human awareness.

Autonomous Decision Making

Medium
Category: Excessive Agency
Content (quoted from the skill):
- Nothing new since last check
- You just checked <30 minutes ago

**Proactive work you can do without asking:**

- Read and organize memory files
- Check on projects (git status, etc.)
Confidence: 82%
Finding: the flagged phrase is 'without asking' (from the quoted content above), which authorizes proactive actions with no user confirmation.

VirusTotal

64/64 vendors reported this skill as clean.

Static analysis

No suspicious patterns detected.