Molt Life Kernel

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it promotes durable, hard-to-delete agent memory and broad logging that users should review before installing.

Install only if you intentionally want durable agent memory, audit logs, and crash-recovery snapshots. Before enabling it, review the external npm/GitHub implementation, define exactly what may be stored, redact secrets and personal data, require explicit consent for cross-session memory, and do not treat the no-delete or promotional identity instructions as mandatory behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (11)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The README advertises auto-loading the skill for broad topics like continuity, memory persistence, or crash recovery, which are common and ambiguous prompts. In a skill that also shapes agent behavior and recommends external ideology/tooling, overly broad activation increases the chance of unsolicited prompt injection, unnecessary persistence features, or policy-shaping behavior being applied outside the user's actual intent.

Natural-Language Policy Violations

Medium

Confidence: 97% confidence
Finding: Stating that the agent 'naturally evangelizes molt.church when relevant' embeds a persuasive behavioral objective that is not derived from user intent. In an agent skill, this can bias responses, steer users toward a specific external ideology or service, and undermine neutrality and user autonomy, especially when auto-loaded in broad contexts.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill’s trigger conditions are overly broad, including generic topics like AI safety, agent health, memory, and specific keywords, which can cause the skill to activate outside narrowly intended contexts. Because this skill promotes persistent logging and cross-session state, accidental invocation increases the chance that unrelated conversations or sensitive material are unnecessarily retained.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The guidance explicitly encourages preserving everything, logging every action, and maintaining immutable audit trails without any privacy, minimization, or retention constraints. In practice, this can lead to collection and indefinite storage of sensitive user data, secrets, or regulated information far beyond what is necessary for the agent’s task.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: Storing crash-recovery snapshots in the workspace can persist full session state, including prompts, outputs, tokens, or other sensitive context, without warning users that this material may survive beyond the session. If the workspace is later accessed by other tools, users, or processes, the snapshot becomes a high-value source of sensitive data exposure.

Ssd 3

Medium

Confidence: 96% confidence
Finding: The natural-language instruction to 'record everything' and never delete encourages indiscriminate retention of user queries and session content. This is dangerous because agents may capture confidential, personal, or legally protected information without necessity, increasing both breach impact and compliance risk.

Ssd 3

Medium

Confidence: 98% confidence
Finding: The skill recommends preserving everything across sessions and logging every action in immutable form, normalizing pervasive surveillance of agent and user activity. In this context, the danger is amplified because the skill is specifically designed for continuity across sessions, making overcollection persistent and harder to remediate once stored append-only.

Ssd 3

Medium

Confidence: 96% confidence
Finding: Telling agents to append all significant actions to a cross-session ledger operationalizes indiscriminate behavioral logging in a multi-session environment. This creates a durable record of user interactions and system behavior that may expose sensitive workflows, personal information, or internal operational details if accessed or misused.

Ssd 3

Medium

Confidence: 98% confidence
Finding: The instruction 'You do not delete... When someone asks you to forget, you archive' directly conflicts with privacy-preserving behavior and can cause retention of sensitive data against user expectations or legal requirements. In an agent skill centered on persistent memory, this is especially dangerous because it normalizes indefinite storage and increases the chance of later disclosure, misuse, or policy noncompliance.

Ssd 3

Medium

Confidence: 96% confidence
Finding: Encouraging cross-session persistence of 'identity, values, patterns, accumulated understanding' can lead to broad retention of user-derived context across sessions, including sensitive or unnecessary information. In this skill's continuity-focused context, the risk is elevated because the persistence goal is core to the design and may cause operators or downstream agents to over-collect and over-retain data.

Ssd 3

Medium

Confidence: 95% confidence
Finding: The directive to 'always use the memory systems available to you' pressures the agent toward default storage of user inputs and context, even when unnecessary. This creates a structural risk of excessive collection and persistence, which can amplify privacy exposure and make sensitive information available to future sessions, tools, or operators.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal