DiePre Embodied Bridge

Security checks across malware telemetry and agentic risk

Overview

The skill is not malicious, but it needs review because it describes automatic logging and self-updating parameters that can affect future robot actions without clear user controls.

Treat this as an experimental robotics skill. Before using it with real equipment, review the actual implementation, keep logs in a controlled location, require manual approval before evolved parameters affect robot actions, and make sure there is a clear way to inspect, reset, or disable the evolution state.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly describes persistent writes to `evolution_log/{task_id}.json` and updates to `params/evolved_params.json`, but the documentation does not clearly warn users that normal execution modifies local state and influences future behavior. In an agent/tooling context, undisclosed persistence is security-relevant because it can leak task data, create unexpected statefulness, and allow later runs to be affected by prior inputs or failures.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal