Self Improvement

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it asks agents to persist conversation and error details into project memory files without enough consent, redaction, or scope controls.

Install only if you are comfortable with the agent creating persistent project memory. Keep .learnings local or reviewed before committing, require approval before promoting anything into agent instruction files, and redact tokens, credentials, personal data, customer content, private prompts, and raw command output from logged entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium (96% confidence)
Finding
The skill explicitly tells the agent to log detailed error messages, command context, inputs, parameters, and related files to persistent markdown files without any redaction guidance. Errors and inputs often contain secrets, tokens, personal data, internal paths, or proprietary content, so this can create a durable local or repository-stored disclosure channel.

Missing User Warnings

Medium (94% confidence)
Finding
The guidance encourages reading transcripts from other sessions and using workspace/session mechanisms for sharing learnings, but it does not impose any privacy, authorization, or minimization constraints. Session histories can contain sensitive prompts, code, secrets, or user data, so normalizing cross-session review without safeguards can expose information beyond the original context.

VirusTotal

66/66 vendors flagged this skill as clean.
