Recursive Self-Improvement Pack
Security checks across malware telemetry and agentic risk
Overview
The skill is not malicious, but it asks users to install an externally hosted self-improvement workflow with cron, memory mutation, and skill-evolution behavior that is only loosely scoped in the artifact.
Review the external install script, GitHub source, generated cron entries, affected workspace paths, memory mutation rules, promotion thresholds, and uninstall or rollback steps before enabling this workflow. Use it first in a test workspace and only enable cron after confirming the changes require human approval where appropriate.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
VirusTotal findings are pending for this skill version.