Back to skill

Security audit

Skill Evolve

Security checks across malware telemetry and agentic risk

Overview

This skill is not overtly malicious, but it asks the agent to persistently create, edit, and delete future skills without enough user-control safeguards.

Install only if you want the agent to maintain its own persistent skills. Require the agent to ask before creating, editing, or deleting any skill, review generated SKILL.md files for secrets or incorrect assumptions, and keep backups of the skills directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger conditions are broad enough to fire on many routine interactions, causing the agent to persist and reuse learned procedures without clear user consent or strong relevance checks. In a self-modifying skill system, this can lead to over-collection of task context, propagation of mistaken workflows, and uncontrolled growth of reusable instructions that may later influence unrelated tasks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill recommends destructive deletion of directories using rm -rf without any confirmation, preview, or safety validation. This is dangerous because path interpolation mistakes, variable expansion issues, or operator error can permanently delete unintended files, especially in an automated agent context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.destructive_delete_command

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
SKILL.md:80