Goals

Security checks across malware telemetry and agentic risk

Overview

This goal-management skill appears coherent and limited to maintaining goal files in a disclosed local folder.

Before installing, expect the skill to create and update markdown files under ~/goals/. If you do not want a new folder in your home directory, ask the agent to use a different path or to show proposed file changes before writing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs creation of `~/goals/` but does not say to obtain user consent before modifying the filesystem. Unannounced writes to the user's home directory can violate user expectations, create unwanted artifacts, and become more risky if the skill auto-activates from broad conversation context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal