Self improving

Security checks across malware telemetry and agentic risk

Overview

This skill openly implements local, persistent agent memory for corrections and preferences, with no evidence of hidden network access, credential use, or exfiltration.

Install only if you want the agent to keep local memories that affect future sessions. Review ~/self-improving/ periodically, avoid storing secrets or sensitive personal data, inspect AGENTS/SOUL/HEARTBEAT edits, and delete any exported memory files when they are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Missing User Warnings
Severity: Medium. Confidence: 95%.
The skill explicitly instructs automatic logging of user corrections, preferences, and repeated behaviors into persistent local files, but it does not require clear user notice or consent at the time data is stored. Even though storage is local and some boundaries are stated, this still creates privacy and retention risk because personal preferences and behavioral history can accumulate silently across sessions.

Vague Triggers
Severity: Medium. Confidence: 90%.
The kill switch relies on the plain-language phrase "forget everything," which could be triggered accidentally during normal conversation, quoting, testing, or discussion of policy. In a self-improving memory-oriented skill, an unintended wipe can cause loss of state and may trigger downstream actions like export and deletion without sufficiently clear user intent.

Missing User Warnings
Severity: Medium. Confidence: 95%.
The procedure says to export current memory to a file before wiping, but does not require warning the user that the export may contain sensitive personal data or specify secure handling of that file. This creates a clear data exposure risk because the file may persist longer than intended, be written to an insecure location, or undermine the user's expectation that "forget everything" means immediate deletion.

Missing User Warnings
Severity: Medium. Confidence: 86%.
The skill explicitly instructs the agent to log user corrections, track repeated behavior, and write preferences into persistent namespaces, but it does not require clear notice, consent, retention limits, or review controls for storing behavioral history. In a self-improving agent, this creates a real privacy and policy risk because ordinary conversational feedback can be converted into durable user profiles without the user understanding what is being stored or where it persists.

Missing User Warnings
Severity: Low. Confidence: 94%.
The template directs the agent to create persistent files under the user's home directory, which causes local data storage without an explicit user-facing notice or consent mechanism. In a self-improving memory skill, those files may accumulate corrections, preferences, and task context over time, increasing privacy and data-retention risk if the user is unaware this storage is happening.

Missing User Warnings
Severity: Medium. Confidence: 94%.
The file explicitly states that the agent will load memory on every session and automatically add and retain user preferences, patterns, and project defaults, but it does not provide a clear disclosure, consent mechanism, or limits on what may be stored. This creates a real privacy and persistence risk because sensitive or unintended user data could be captured and silently reused across future sessions, influencing behavior beyond the original context.

Vague Triggers
Severity: Medium. Confidence: 92%.
The command triggers include broad natural-language phrases like "What do you know about X?" and "Show my memory," which can overlap with ordinary conversation and cause unintended invocation of sensitive memory operations. In a self-improving agent with persistent storage, accidental triggering increases the risk of unintentional disclosure, deletion, or modification of stored user data.

Missing User Warnings
Severity: Medium. Confidence: 95%.
The skill specifies automatic writes to persistent files during correction handling and maintenance, but does not clearly warn the user that their inputs may be stored and reused. In this context, the omission is more dangerous because the skill is explicitly designed for self-improvement and long-term memory, so users may unknowingly provide sensitive preferences, project details, or operational data that become persistently recorded.

Missing User Warnings
Severity: Low. Confidence: 94%.
The setup instructs the agent to create directories and files under the user's home directory and later modify workspace control files such as AGENTS.md, SOUL.md, and HEARTBEAT.md. Even though this appears intended for legitimate configuration, it causes persistent filesystem changes without an explicit safety warning, dry-run option, or requirement to summarize and confirm each write before execution, which can lead to unexpected state changes or policy injection into future runs.

VirusTotal

59/59 vendors flagged this skill as clean.