Back to skill

Security audit

Values

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it saves sensitive personal values interviews and full transcripts locally with too little upfront control.

Install only if you want a persistent local values store. Before using it, set AGENT_VALUES_DIR to a location you control, review or delete transcripts under the values store after sessions, and approve the USER.md snippet only if you want future agents to consult these values.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The activation criteria are broad enough to trigger on ordinary emotionally charged conversation, which can cause the agent to initiate a sensitive elicitation workflow without a clear, explicit request. In this skill, that matters because the workflow culminates in persistent storage of personal values and transcripts, so over-triggering increases privacy and consent risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to silently create directories and files on every run without first informing the user, which is a transparency and consent problem. Even if the writes are limited to the values store, hidden filesystem modification can surprise users and violate least astonishment, especially in environments where local state matters.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill persists a values card and a full transcript of a potentially sensitive conversation, then rebuilds an aggregate values file, all without an explicit storage warning at the point of collection. Because the elicitation targets personal beliefs, feelings, norms, and blockers, the stored content may contain highly sensitive psychological or identity-related information that could be exposed later.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly instructs the agent to write a card, transcript, and rebuild VALUES.md without requiring a user-facing warning or explicit confirmation before modifying local artifacts. In an agent environment with file access, this can cause unexpected persistence of sensitive conversational data and surprising filesystem changes, especially because the content is derived from intimate user disclosures.

VirusTotal

35/35 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.