Agent Survival Kit

Security checks across malware telemetry and agentic risk

Overview

This is a simple local budgeting skill that discloses its workspace finance files and does not include code, network access, credentials, or hidden behavior.

Install only in a workspace where local budget, revenue, and expense notes are appropriate. Avoid entering payment credentials, account numbers, or confidential business details into the finance logs, and review the generated memory files if you care about what persists between agent sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly states it will create workspace files and templates on first run, but it does not provide a clear warning, consent step, or scope limitation around modifying user files. Even if the behavior is intended for normal setup, silent file creation can surprise users, overwrite expected state, or be abused by an agent to alter the workspace without informed approval.

VirusTotal

64/64 vendors flagged this skill as clean.
