改成 Hermes × JiuwenClaw 融合版或自进化多Agent协作系统

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it gives the agent broad automatic memory and skill-changing behavior that users should review before installing.

Install only if you want an agent that can maintain long-term project memory and alter its own skill library. Before using it on private or important projects, require approval before any memory or SKILL.md write, review diffs, prohibit storing secrets, and keep backups or a rollback path for generated and modified skills.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The README states that the skill will be automatically triggered for 'complex tasks' without clearly defining objective activation boundaries. Ambiguous auto-activation can cause the skill to engage on unintended prompts, expanding its authority to orchestrate multi-agent behavior and memory/persistence features when the user did not explicitly request them.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The README advertises automatic generation and persistence of SKILL.md artifacts after complex tasks, but does not warn that user-derived content, prompts, outputs, or sensitive project details may be written to long-term storage. In a self-evolving agent system with project memory and skill reuse, this increases the risk of unintended retention, cross-task data leakage, and persistence of unsafe or poisoned instructions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal