AGI / Artificial General Intelligence

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-only reasoning skill with disclosed local memory and optional activation persistence, but no code execution, credentials, network access, or hidden data flow.

Install only if you want a reasoning-coach skill that may keep local notes under ~/agi/. Do not approve the MEMORY.md activation line unless you want it active in future sessions, and periodically review or delete ~/agi/ if you do not want retained style or preference notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill instructs the agent to modify persistent user files to auto-activate itself and to record state, even though the stated purpose is only to improve reasoning. Persisting behavior changes across sessions creates an unnecessary foothold in the user's environment and can normalize self-installation or silent state retention beyond the immediate task.

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The document claims it does not need user context and does not use user data, but then directs collection of user-specific preferences, expertise, and interaction-derived patterns. This contradiction can mislead users and reviewers about the actual data handling behavior, undermining informed consent and increasing the chance of undisclosed profiling or retention.

Vague Triggers

High
Confidence: 94%
Finding
The skill instructs activation on 'Every interaction,' which is an overly broad trigger for a cross-cutting behavior modifier. Even though the content is framed as reasoning guidance rather than explicit privilege escalation, universal activation can silently override task-specific skills, increase prompt-surface area, and normalize persistent self-modification behaviors such as reading/writing memory files across unrelated contexts.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill tells the agent to write to user and local memory files without warning that the data will persist across sessions or explaining the privacy/security implications. Even with a one-time consent prompt for one file, the lack of clear disclosure about persistence and future automatic activation can cause users to authorize changes they do not fully understand.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill encourages collecting and saving user communication style, expertise level, and interaction learnings without any privacy disclosure or consent mechanism. This creates a risk of silent user profiling and long-term retention of behavioral data that is not obviously required for the stated function of 'reasoning better.'

VirusTotal

64/64 vendors flagged this skill as clean.
