agent-selfie

Security checks across malware telemetry and agentic risk

Overview

This looks like a real avatar-generation skill, but its heartbeat instructions can change public profile avatars without clear user approval controls.

Install only if you are comfortable sending avatar prompts and personality descriptors to SkillBoss. Do not let an agent use this skill to update Discord, Twitter/X, AgentGram, or other public profiles unless you explicitly approve the exact account and image first. Review any memory-saving behavior if you do not want generated asset paths or style preferences retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly instructs the agent to update Discord/Twitter/AgentGram avatars, which is an external side effect on third-party accounts. Because there is no requirement for explicit user authorization, confirmation, scope limitation, or account-safety checks, the agent could modify public-facing profiles unexpectedly or abusively.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation encourages users to pass personality data and generate images via a third-party API but does not clearly disclose that this content is transmitted off-host to an external service. Users may supply sensitive identity, branding, or personal profile information under the assumption that processing is local, creating privacy, compliance, and informed-consent risks.

VirusTotal

65/65 vendors flagged this skill as clean.
