Self-Improving AI

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed AI learning log with optional reminder hooks, but users should enable the hooks and persistent notes deliberately.

Install only if you want persistent AI/LLM learning logs. Do not store API keys, access tokens, customer data, or raw sensitive prompts. Prefer project-level hooks with AI-specific matchers, review any proposed changes to AGENTS.md, SOUL.md, TOOLS.md, or model configuration files, and avoid global all-prompt hooks unless you intentionally want cross-project reminders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
83% confidence
Finding
The stackable-mode section says the skill should write only to `.learnings/ai/`, but earlier sections instruct writing to shared `.learnings/` files and promoting content into broader project docs like `AGENTS.md` and `TOOLS.md`. Conflicting ownership rules can cause unintended modification of shared memory and policy files, especially in multi-skill environments where isolation matters.

Vague Triggers

Medium
93% confidence
Finding
An empty matcher on `UserPromptSubmit` causes the hook to run for every prompt, regardless of whether the session is AI-related. This broad trigger expands exposure to prompt content, increases noise and token overhead, and creates more opportunities for unintended data processing or prompt-injection-like interference through automatic reminders.

VirusTotal

63/63 vendors flagged this skill as clean.