Second Order Effects

Security checks across malware telemetry and agentic risk

Overview

This skill is a local decision-analysis aid that stores decision notes and preferences on your computer, with no evidence of network access or hidden behavior.

Install only if you are comfortable with the agent saving decision history, preferences, risk tolerance, blind spots, and related context locally under ~/second-order-effects/. Review, edit, or delete that folder if analyses include sensitive personal, business, investment, or technical decisions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The instruction to save every learned user preference to memory.md immediately creates persistent storage of behavioral and preference data without requiring notice, consent, or minimization. In a decision-support skill, this can quietly accumulate sensitive personal, business, or risk-tolerance information over time, increasing privacy and profiling risk if the memory is later accessed, reused, or exposed.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal