Self-Improving + Proactive Agent

Security checks across malware telemetry and agentic risk

Overview

This skill intentionally creates local memory so the agent can remember corrections and preferences, and that behavior is mostly disclosed and purpose-aligned.

Install only if you want the agent to keep cross-session local memory about your corrections, preferences, and workflow patterns. Review ~/self-improving/ periodically, avoid storing secrets or sensitive personal data, use strict/passive mode if you want more confirmation, and review the separate Proactivity skill before approving its optional installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill description says to use it whenever the agent notices failures, corrections, outdated knowledge, or a better approach, which are common conditions in normal operation. This broad activation scope can cause the skill to run frequently and persist user-derived data without an explicit, narrowly scoped trigger, increasing the chance of unintended memory writes and over-collection.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The 'When to Use' section uses vague conditions such as after significant work or when output could be better, which leaves invocation largely to agent discretion. In a self-modifying or memory-writing skill, ambiguous triggers are risky because they expand the number of contexts where the agent may inspect, log, and retain user interaction data.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The kill switch is triggered by a natural-language phrase, "forget everything," which could plausibly appear in ordinary conversation, quoted text, testing, or discussion of policy rather than as an actual command. In a self-improving memory-enabled agent, an accidental trigger could erase stored state and degrade reliability or enable denial-of-service against the memory system.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The procedure says to export current memory to a file before wiping it, but it does not require explicit user consent for file creation, storage location, retention, or disclosure risks. That creates a new persistence channel for potentially sensitive memory contents, which undermines the deletion goal and may expose data through logs, local files, or unintended access.

Missing User Warnings

Low
Confidence
95% confidence
Finding
The template explicitly instructs the agent to create directories and files under the user's home directory, which is a real state-changing operation on the local filesystem. While the paths and commands are limited and not overtly destructive, the skill provides no warning, consent check, or guardrails around persistent modification, making unintended writes possible when the skill is activated.

Missing User Warnings

Low
Confidence
95% confidence
Finding
The skill instructs the agent to read and persist state in `~/self-improving/heartbeat-state.md`, which involves accessing a file in the user's home directory without any user-facing warning or consent language. While the referenced data appears operational rather than overtly sensitive, home-directory access can expose private information patterns and creates hidden persistence behavior that users may not expect.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill describes automatic writes to persistent memory, corrections logs, and index files without any explicit user consent, notice, or approval boundary. In a self-improving agent, this is risky because ordinary conversation content can be silently persisted and later reused, creating privacy, retention, and integrity problems if the stored data is sensitive or incorrect.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The weekly maintenance flow performs archival, tier migration, compaction, and digest generation without explaining retention effects or obtaining user authorization. These background lifecycle actions can preserve, transform, or resurface old user data in ways the user does not expect, increasing privacy and compliance risk.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
The skill prescribes different confirmation behavior based on an inferred or assigned user type, including 'aggressive learning, minimal confirmation' for power users, without requiring explicit user consent for that reduced-verification mode. In a self-improving memory-oriented agent, this increases the chance of silently storing incorrect preferences, overfitting to transient behavior, or taking actions based on unconfirmed assumptions, which can degrade safety and reliability over time.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The setup directs the agent to create and later modify files in the user's home directory and workspace configuration, but it does not require explicit user consent before those filesystem changes occur. In an agent setting, silent persistence to local files can create unwanted state, alter future behavior, and violate user expectations even if the content is framed as helpful setup.

Ssd 3

Medium
Confidence
95% confidence
Finding
The automatic correction logging workflow stores user-provided corrections, timestamps, counters, namespace decisions, and context in persistent files without any minimization rule. Because corrections may contain preferences, project details, or sensitive contextual information, this creates unnecessary long-term collection that could expose private data or cause the agent to overfit on sensitive user inputs.

Ssd 3

Medium
Confidence
89% confidence
Finding
The example corrections log preserves timestamps, communication style changes, technical preferences, and conversation context, demonstrating a design that retains potentially identifying or sensitive behavioral history. Even as an example, it reflects intended system behavior that could leak private information later through memory recall, export, or cross-context reuse.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- Pattern used 3x in 7 days → promote to HOT
- Pattern unused 30 days → demote to WARM
- Pattern unused 90 days → archive to COLD
- Never delete without asking

### 4. Namespace Isolation
- Project patterns stay in `projects/{name}.md`
Confidence
77% confidence
Finding
without asking

VirusTotal

64/64 vendors flagged this skill as clean.