karpathy-llm-wiki

Security checks across malware telemetry and agentic risk

Overview

The skill does what it discloses: it maintains a local markdown wiki by storing and updating knowledge files, and the scan found no hidden code or behavior unrelated to that purpose.

Install it only if you want an agent to maintain a durable local markdown wiki. Choose `wikiRoot` carefully, keep secrets and highly sensitive material out of sources and questions, and put the wiki under version control or a backup scheme, because the skill is designed to modify and retain wiki files over time.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Ssd 3

Severity: Medium
Confidence: 94%
Finding
The skill is designed to persist user-provided material and derived summaries into a long-lived wiki and append operation history to log files. Without guardrails for secrets, personal data, or sensitive prompts, this can cause inadvertent retention of confidential content that users expected to remain transient in chat.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
The query workflow explicitly appends question summaries to log.md and encourages saving answers as new wiki pages, which can persist sensitive questions, strategic analysis, or confidential conclusions. Because this occurs during normal use and compounds over time, it increases privacy and data-retention risk even without an active attacker.
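Both findings come down to the same missing guardrail: nothing inspects a question summary or answer before it is appended to log.md or saved as a wiki page. The following is an added illustration of such a pre-persistence check; it is not code from the karpathy-llm-wiki skill or from SkillSpector. The secret patterns, the `policy` names (`redact` / `refuse`) and the log-line format are assumptions made for the example, and the sample question is constructed.

```python
"""Pre-persistence guard for a local markdown wiki (illustrative, added here;
not part of the karpathy-llm-wiki skill). Scans text for secret-shaped strings
before it is appended to log.md or saved as a wiki page."""
import re
from pathlib import Path

# Assumption: a small illustrative pattern set, not a complete secret ruleset.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{20,}"),
    # key=value style assignments such as password=... or api_key: "..."
    "credential_assignment": re.compile(
        r'''(?i)\b(?:api[_-]?key|secret|password|passwd|token)\s*[:=]\s*['"]?[^\s'"]{8,}'''),
}


def find_secrets(text):
    """Return [(kind, matched_text), ...] for every pattern hit in text."""
    return [(kind, m.group(0))
            for kind, pat in SECRET_PATTERNS.items()
            for m in pat.finditer(text)]


def redact_secrets(text):
    """Replace each hit with a placeholder naming the pattern, never the value."""
    for kind, pat in SECRET_PATTERNS.items():
        text = pat.sub(f"[REDACTED:{kind}]", text)
    return text


def guard_entry(text, policy="redact"):
    """Decide what may be persisted.

    policy="redact": strip secrets and persist the rest.
    policy="refuse": persist nothing if any secret is present.
    Returns (allowed, text_to_persist, findings).
    """
    findings = find_secrets(text)
    if not findings:
        return True, text, findings
    if policy == "refuse":
        return False, "", findings
    if policy == "redact":
        return True, redact_secrets(text), findings
    raise ValueError(f"unknown policy: {policy}")


def format_log_line(question_summary, when):
    """One operation-history line (assumed format) for log.md."""
    return f"- {when} | question: {question_summary}\n"


def append_question_to_log(wiki_root, question_summary, when, policy="redact"):
    """Append a guarded question summary to <wikiRoot>/log.md.

    Returns the number of secret findings; 0 means nothing was held back.
    """
    allowed, safe_text, findings = guard_entry(question_summary, policy)
    if not allowed:
        return len(findings)
    log_path = Path(wiki_root) / "log.md"
    log_path.parent.mkdir(parents=True, exist_ok=True)
    with log_path.open("a", encoding="utf-8") as fh:
        fh.write(format_log_line(safe_text, when))
    return len(findings)


if __name__ == "__main__":
    # Constructed sample: a question that carelessly includes credentials.
    q = "How do I rotate AKIAIOSFODNN7EXAMPLE and password=hunter2hunter2 in prod?"
    print(guard_entry(q, "redact"))
    print(guard_entry(q, "refuse"))
```

The same `guard_entry` call belongs in front of the "save answer as a new page" step as well as the log append, since the second finding concerns both paths. Whether to redact or refuse is a policy choice: redaction keeps the wiki useful but silently alters what the user wrote, while refusal is safer for a wiki that is synced or backed up somewhere else.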

VirusTotal

All 66 VirusTotal vendors reported this skill as clean (0/66 detections).