Type-Based Autonomy

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local task-queue workflow for limited autonomous research, writing, and analysis work, with no hidden code or credential use found.

Install only if you want heartbeat-style autonomous local task management. Before enabling it, edit the RA/MONEY goal text to your own objectives, confirm a separate process really handles skipped backup/security/maintenance tasks, and keep tasks, memory, GOALS.md, and .learnings/ under version control or review.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly says completed task history may be deleted if not needed, but it does not require confirmation, retention policy, or backup before removal. In an autonomous workflow, this can cause irreversible loss of operational records, audit trail, and context that may be needed for troubleshooting, accountability, or recovery.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill explicitly instructs the agent to write to `memory/YYYY-MM-DD.md` and later to update queue, goals, and learning files without any requirement for user notification, confirmation, or scoped authorization. In an autonomous heartbeat workflow, silent file mutation increases the risk of unauthorized persistence, task manipulation, and unreviewed state changes, especially because the skill is designed to run repeatedly and non-interactively.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal