Back to skill

Security audit

Agent Dreams

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not malicious, but it asks agents to run recurring background checks over private accounts, local files, system state, and git activity without enough scoping or consent controls.

Install only if you explicitly want an agent to run proactive scheduled work. Before enabling it, define the exact heartbeat or cron tasks, approved accounts and folders, read/write limits, logging, expiration dates, and a clear off switch. Require approval before sending messages, posting publicly, deleting or reorganizing files, committing git changes, making purchases, or taking any irreversible action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly encourages checking inboxes, calendars, mentions, Twitter, and Discord activity as part of routine autonomous behavior without a prominent upfront consent boundary or privacy warning. In context, this normalizes access to private communications and account data during idle time, which can lead to unnecessary surveillance, privacy violations, and accidental review of sensitive information.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.