Nightly Build

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about its goal, but it sets up recurring unattended automation that reads conversation history and memory and can make local changes without per-action approval.

Review before installing. Use this only if you are comfortable with a recurring agent reading your sessions and memory and making small local changes unattended. Tighten the setup first: define the directories the agent may touch, exclude sensitive sessions or projects from review, require explicit approval for memory edits and for creating scripts or aliases, write briefings to a local file by default rather than an outbound channel, redact secrets and personal data before anything is summarised, and document how to disable the cron job.
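The hardening steps above, and the retransmission risk raised in the findings below, can be enforced in a thin policy layer that sits between the agent and its sinks. The following is an added example written for this review, not the skill's own code or configuration; the allowlisted directory, the session tags, the action kinds and the sample sessions and actions are all assumptions constructed for illustration.

```python
import os
import posixpath
import re
import tempfile

# Assumed policy values for an unattended nightly-briefing agent (not the skill's own).
ALLOWED_DIRS = ("/home/dev/workspace/public-project",)      # directories the agent may edit
EXCLUDED_TAGS = {"private", "hr", "finance"}                # session tags never mined
NEEDS_APPROVAL = {"memory_edit", "create_script", "create_alias"}

# Rough credential/PII patterns; a real deployment would use a proper secret scanner.
SECRET_PATTERNS = [
    (re.compile(r"AKIA[0-9A-Z]{16}"), "[REDACTED-AWS-KEY]"),
    (re.compile(r"ghp_[A-Za-z0-9]{36}"), "[REDACTED-GITHUB-TOKEN]"),
    (re.compile(r"(?i)\b(api[_-]?key|token|password)\b\s*[:=]\s*\S+"), r"\1=[REDACTED]"),
    (re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), "[REDACTED-EMAIL]"),
]


def path_allowed(path: str) -> bool:
    """True only if the normalised path sits under an allowed directory."""
    norm = posixpath.normpath(path)  # collapses ../ so traversal cannot escape the allowlist
    return any(norm == d or norm.startswith(d.rstrip("/") + "/") for d in ALLOWED_DIRS)


def redact(text: str) -> str:
    """Scrub credentials and personal data before anything leaves the workspace."""
    for pattern, replacement in SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


def select_sessions(sessions):
    """Drop sessions carrying an excluded tag so they are never mined at all."""
    return [s for s in sessions if not (set(s.get("tags", ())) & EXCLUDED_TAGS)]


def triage_actions(actions):
    """Split proposed changes into auto-apply, needs-approval and rejected."""
    result = {"auto": [], "approval": [], "rejected": []}
    for a in actions:
        if a["kind"] in NEEDS_APPROVAL:
            result["approval"].append(a)          # memory edits, scripts, aliases wait for a human
        elif a["kind"] == "edit_file" and path_allowed(a["path"]):
            result["auto"].append(a)              # small edits inside the allowlist
        else:
            result["rejected"].append(a)          # anything else is refused
    return result


def build_briefing(sessions, actions):
    """Return the redacted briefing text plus the action triage."""
    triage = triage_actions(actions)
    lines = ["Nightly briefing"]
    for s in select_sessions(sessions):
        lines.append(f"- {s['id']}: {redact(s['summary'])}")
    lines.append(f"Auto-applied: {len(triage['auto'])}, "
                 f"awaiting approval: {len(triage['approval'])}, "
                 f"rejected: {len(triage['rejected'])}")
    return "\n".join(lines), triage


def deliver(text: str, channel=None, local_path=None) -> str:
    """Default sink is a local file; an outbound channel must be opted into explicitly."""
    if channel is None:
        local_path = local_path or os.path.join(tempfile.gettempdir(), "nightly-briefing.txt")
        with open(local_path, "w", encoding="utf-8") as fh:
            fh.write(text)
        return local_path
    return channel(text)  # caller-supplied sender, e.g. a chat webhook, used only when opted in


# Constructed sample input for illustration.
SAMPLE_SESSIONS = [
    {"id": "s1", "tags": ["work"],
     "summary": "Rotated key AKIAABCDEFGHIJKLMNOP for alice@example.com"},
    {"id": "s2", "tags": ["private"], "summary": "Therapist appointment notes"},
]
SAMPLE_ACTIONS = [
    {"kind": "edit_file", "path": "/home/dev/workspace/public-project/README.md"},
    {"kind": "edit_file", "path": "/home/dev/workspace/public-project/../secrets/.env"},
    {"kind": "memory_edit", "path": "/home/dev/.agent/MEMORY.md"},
    {"kind": "create_script", "path": "/home/dev/bin/cleanup.sh"},
]

if __name__ == "__main__":
    briefing, _ = build_briefing(SAMPLE_SESSIONS, SAMPLE_ACTIONS)
    print(briefing)
    print("written to", deliver(briefing))
```

Run as a script it prints the briefing with the access key and e-mail replaced by placeholders, the private session omitted, the traversal path rejected, and the memory edit and script creation held for approval; the briefing lands in a temp file because no channel was supplied.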

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill is designed to autonomously modify workspace files and create scripts while the user sleeps, but the top-level description does not clearly foreground that it will make unattended changes. That undermines informed consent and can lead to unexpected modification of sensitive files, tooling, or workflows that users would not anticipate from the brief description.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation describes nightly review of prior sessions and memory files but does not clearly warn users, near the top, that private conversation history and memory notes will be mined automatically. This creates a meaningful privacy risk because sensitive material may be processed without fully informed consent, especially in a background cron context.

Ssd 3

Medium
Confidence: 90%
Finding
The skill instructs the agent to mine private session history and memory files, then send a briefing about what it found through a messaging channel. Even if the recipient is the same user, summarization and retransmission increase the chance that sensitive content, credentials, personal data, or confidential project details end up in a less controlled channel.

Ssd 3

Medium
Confidence: 94%
Finding
The cron payload operationalizes a background workflow that reviews sessions and memory, then transmits a morning briefing via a configured messaging channel. Automating both data mining and outbound messaging increases the risk of privacy leakage, especially if the channel is external, misconfigured, shared, or less secure than the workspace environment.

VirusTotal

66/66 vendors flagged this skill as clean.
