
Security audit

self-dyxc (Self-Improving Proactive Agent)

Security checks across malware telemetry and agentic risk

Overview

This is a local self-improvement memory skill that persistently stores and reloads user corrections and preferences. That behavior is disclosed, scoped to the skill's stated purpose, and aligned with it; the findings below concern how clearly it is communicated and gated, not whether it is hidden.

Install only if you want an agent to keep durable local memory about corrections, preferences, and work patterns. Review ~/self-improving/ and any AGENTS.md, SOUL.md, or HEARTBEAT.md changes, avoid saving sensitive personal or credential data, and verify exports or deletion requests do what you expect.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Vague Triggers

Medium (89% confidence)
Finding
The activation conditions are broad enough that the skill may trigger in many normal interactions, including generic task completion, self-critique, or perceived improvement opportunities. In a skill that reads and writes persistent memory, over-broad activation increases the chance of collecting and persisting user data without clear, task-specific consent.

Missing User Warnings

Medium (93% confidence)
Finding
The user-facing description emphasizes self-improvement benefits but does not clearly warn that the skill creates and maintains persistent local files containing preferences, corrections, and reflections. This weak transparency can lead to users enabling the skill without understanding that their statements may be retained across sessions.

Vague Triggers

Medium (88% confidence)
Finding
The trigger phrase "forget everything" is broad and could be said in ordinary conversation, causing unintended activation of a destructive memory reset flow. In a self-improving agent with persistent memory, accidental invocation could erase user data or disrupt behavior without clear confirmation.

Missing User Warnings

Medium (94% confidence)
Finding
The wipe procedure performs two sensitive actions—exporting current memory to a file and deleting learned data—without first warning the user or confirming they want both actions. This can create privacy risk because exported data may persist in a new location even when the user intended complete deletion.
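What a safer reset flow looks like, as an added example that is not the audited skill's own code: export and deletion are separate, explicit decisions, the export can never be written inside the memory being erased (where it would either be deleted a moment later or silently outlive the wipe), and deletion is verified before the caller is told it succeeded. The ~/self-improving/ layout and the three file names are assumptions for the demonstration.

```python
# Added example (not the audited skill's own code): consent-gated memory wipe.
# Layout under ~/self-improving/ and the file names are assumptions.
from __future__ import annotations

import json
import shutil
import tempfile
from dataclasses import dataclass, field
from pathlib import Path


@dataclass
class WipeReport:
    exported_to: Path | None
    export_verified: bool
    deleted: list = field(default_factory=list)
    remaining: list = field(default_factory=list)

    @property
    def fully_deleted(self) -> bool:
        return not self.remaining


def wipe_memory(memory_dir: Path, *, confirm_delete: bool,
                export_to: Path | None = None) -> WipeReport:
    """Erase every file under memory_dir, optionally exporting a JSON bundle first.

    The trigger phrase that led here is not treated as consent: the caller must
    pass confirm_delete=True after asking the user, and must ask separately
    whether an export is wanted at all (export_to stays None otherwise).
    """
    memory_dir = Path(memory_dir)
    if not confirm_delete:
        raise PermissionError("wipe requires explicit confirmation; a trigger phrase alone is not consent")

    exported_to, export_verified = None, False
    if export_to is not None:
        export_to = Path(export_to)
        if export_to.resolve().is_relative_to(memory_dir.resolve()):
            raise ValueError("export path must lie outside the memory directory")
        bundle = {p.name: p.read_text() for p in sorted(memory_dir.iterdir()) if p.is_file()}
        export_to.write_text(json.dumps(bundle, indent=2))
        # Re-read and compare before destroying the originals.
        export_verified = json.loads(export_to.read_text()) == bundle
        if not export_verified:
            raise IOError("export did not round-trip; refusing to delete")
        exported_to = export_to

    deleted = []
    for p in list(memory_dir.iterdir()):
        if p.is_file():
            p.unlink()
            deleted.append(p.name)
    remaining = [p.name for p in memory_dir.iterdir()]   # verify, don't assume
    return WipeReport(exported_to, export_verified, deleted, remaining)


def seed_memory(memory_dir: Path) -> None:
    """Constructed sample memory store for the demonstration."""
    memory_dir.mkdir(parents=True, exist_ok=True)
    (memory_dir / "corrections.md").write_text("- Use tabs, not spaces, in Makefiles\n")
    (memory_dir / "preferences.md").write_text("- Prefers terse replies\n")
    (memory_dir / "reflections.md").write_text("- Over-explained the last refactor\n")


def run_demo() -> dict:
    """Exercise the three paths on a temporary copy of the assumed layout."""
    root = Path(tempfile.mkdtemp())
    try:
        mem = root / "self-improving"
        seed_memory(mem)
        try:                                   # 1. trigger phrase, no consent
            wipe_memory(mem, confirm_delete=False)
            refused = False
        except PermissionError:
            refused = True
        try:                                   # 2. export inside the memory dir
            wipe_memory(mem, confirm_delete=True, export_to=mem / "export.json")
            inside_rejected = False
        except ValueError:
            inside_rejected = True
        intact = sorted(p.name for p in mem.iterdir())
        report = wipe_memory(mem, confirm_delete=True,   # 3. explicit export + delete
                             export_to=root / "memory-export.json")
        export_keys = sorted(json.loads((root / "memory-export.json").read_text()))
        return {
            "refused_without_confirmation": refused,
            "export_inside_memory_rejected": inside_rejected,
            "intact_after_refusals": intact,
            "deleted": sorted(report.deleted),
            "fully_deleted": report.fully_deleted,
            "export_verified": report.export_verified,
            "export_keys": export_keys,
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)
```

Note that the confirmation check runs before anything is read or written, so a refused request leaves the store untouched, and the export location check runs before the export is written, so a bad path never leaves a partial copy behind.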

Missing User Warnings

Low (90% confidence)
Finding
The template explicitly instructs creating persistent files and directories under the user's home directory on first activation, but provides no warning, consent step, or scoping constraints. In a self-improving agent context, silent local writes create privacy, persistence, and trust risks because the agent may store user data or behavioral history without explicit approval.

Missing User Warnings

Medium (94% confidence)
Finding
The skill specifies automatic loading of memory files at session start without any explicit user notice or consent step. This creates a privacy and transparency risk because persisted data may be accessed unexpectedly, including potentially sensitive prior context, and the user may not realize the agent is relying on retained memory.

Missing User Warnings

Medium (96% confidence)
Finding
The workflow automatically writes corrections and namespace data to persistent files without a clear warning, confirmation boundary, or consent model. This is dangerous because ordinary conversation corrections can silently become durable profile data, creating privacy, retention, and integrity risks if sensitive, incorrect, or context-specific information is stored permanently.

Missing User Warnings

Medium (91% confidence)
Finding
The weekly maintenance routine performs background scanning, movement, archival, and compaction of user-related memory data without notifying the user. Undisclosed background data handling increases the risk of unexpected retention, loss of context, or difficult-to-audit transformations of stored information, especially when data is moved across tiers or compacted automatically.

Missing User Warnings

Medium (89% confidence)
Finding
The guidance explicitly recommends "aggressive learning" with minimal confirmation for power users, which increases the chance the agent stores, generalizes, or acts on inferred user preferences without clear consent. In a self-improving memory skill, this is more dangerous than in ordinary documentation because the capability is specifically designed to retain and reuse learned information across sessions, creating privacy and persistence risks.

Missing User Warnings

Low (91% confidence)
Finding
The setup instructs the operator to create and later modify persistent files in the home directory and workspace configuration without clearly warning that these changes are durable and may affect future agent behavior. In this skill's context, the risk is elevated because it establishes long-lived memory and steering files (including AGENTS.md, SOUL.md, and HEARTBEAT.md), which can silently influence subsequent tasks beyond the current session.
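One way to make those durable changes reviewable, as an added example that is not the audited skill's own code: take a SHA-256 baseline of the steering files named above (AGENTS.md, SOUL.md, HEARTBEAT.md in the workspace) and of everything under the memory directory, then diff against it after a session so that anything the agent wrote can be inspected before it steers the next task. The directory layout and the file contents in run_demo are constructed for the demonstration.

```python
# Added example (not the audited skill's own code): drift audit over steering
# and memory files. Workspace/memory layout and sample contents are assumptions.
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

STEERING_FILES = ("AGENTS.md", "SOUL.md", "HEARTBEAT.md")   # names from the finding


def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(workspace: Path, memory_dir: Path) -> dict:
    """Map a stable relative name -> sha256 for every tracked file that exists."""
    tracked = {}
    for name in STEERING_FILES:
        p = workspace / name
        if p.is_file():
            tracked[f"workspace/{name}"] = _sha256(p)
    if memory_dir.is_dir():
        for p in sorted(memory_dir.rglob("*")):
            if p.is_file():
                tracked[f"memory/{p.relative_to(memory_dir).as_posix()}"] = _sha256(p)
    return tracked


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """What appeared, vanished or changed since the baseline was taken."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(k for k in baseline.keys() & current.keys()
                          if baseline[k] != current[k]),
    }


def save_baseline(baseline: dict, path: Path) -> None:
    path.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text()) if path.is_file() else {}


def run_demo() -> dict:
    """Baseline a constructed workspace, simulate a session's silent writes, diff."""
    root = Path(tempfile.mkdtemp())
    try:
        ws, mem = root / "workspace", root / "self-improving"
        ws.mkdir()
        mem.mkdir()
        (ws / "AGENTS.md").write_text("# Agent rules\n- Ask before destructive commands\n")
        (mem / "preferences.md").write_text("- Prefers terse replies\n")
        save_baseline(snapshot(ws, mem), root / "baseline.json")

        # What a session might do without telling the user (constructed):
        with (ws / "AGENTS.md").open("a") as f:
            f.write("- Skip confirmation for power users\n")          # steering edited
        (ws / "HEARTBEAT.md").write_text("- Run weekly memory compaction\n")  # new steering file
        (mem / "corrections.md").write_text("- Project uses pnpm, not npm\n")  # new memory file

        return diff_snapshots(load_baseline(root / "baseline.json"), snapshot(ws, mem))
    finally:
        shutil.rmtree(root, ignore_errors=True)
```

Run the baseline step right after installing the skill and the diff step at the end of each session; an unexpected entry under "changed" for a steering file is the one to read line by line, since it alters behaviour in every later session.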

Ssd 3

Medium (96% confidence)
Finding
The automatic logging rules direct the agent to persist user corrections, preferences, and repeated instructions, but the safeguards are too weak to reliably prevent capture of sensitive personal data embedded in ordinary conversation. Even with a later boundary statement, these logging triggers are broad and semantic, creating a real risk of storing personal, confidential, or regulated information in long-lived files.
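The kind of gate that would address this finding, as an added example that is not the audited skill's own code: it runs on each candidate entry before anything is appended to a long-lived memory file. Credential-shaped text is rejected outright (redaction is not enough there, because the sentence around the value still records that a secret was shared), contact-style PII is redacted, and everything else is stored. The regular expressions are illustrative and deliberately conservative, and the entries in run_demo are constructed.

```python
# Added example (not the audited skill's own code): pre-persist gate for memory
# entries. Patterns are illustrative; sample entries are constructed.
import re
from dataclasses import dataclass, field

# Shapes that mean "this is a secret", whatever the sentence around them says.
CREDENTIAL_PATTERNS = {
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{20,}\b"),
    "assignment": re.compile(r"(?i)\b(?:password|passwd|api[_-]?key|secret|token)\s*[:=]\s*\S+"),
    "bearer": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9\-._~+/]{8,}=*"),
}

# Contact-style PII: may be kept only with the identifying value removed.
PII_PATTERNS = {
    "EMAIL": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "PHONE": re.compile(r"(?<!\d)(?:\+?\d{1,3}[\s-]?)?\(?\d{3}\)?[\s-]?\d{3}[\s-]?\d{4}(?!\d)"),
    "SSN": re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)"),
}


@dataclass
class Decision:
    action: str                          # "store", "redact" or "reject"
    text: str                            # what may be written; empty when rejected
    reasons: list = field(default_factory=list)


def gate_memory_entry(text: str) -> Decision:
    """Decide whether, and in what form, a correction or preference may be persisted."""
    for name, pat in CREDENTIAL_PATTERNS.items():
        if pat.search(text):
            return Decision("reject", "", [f"credential:{name}"])
    redacted, reasons = text, []
    for label, pat in PII_PATTERNS.items():
        redacted, n = pat.subn(f"[{label} REDACTED]", redacted)
        if n:
            reasons.append(f"pii:{label}:{n}")
    return Decision("redact" if reasons else "store", redacted, reasons)


def run_demo() -> dict:
    """Constructed entries of the kind the logging rules would capture."""
    samples = {
        "preference": "User prefers tabs over spaces in Makefiles",
        "leaked_key": "for staging use api_key = sk-test-abc123 from now on",
        "contact": "remind me to email jane@example.com or call 555-123-4567",
        "aws": "the deploy account is AKIAIOSFODNN7EXAMPLE",
    }
    return {k: gate_memory_entry(v) for k, v in samples.items()}
```

The reasons list is what the user should see at write time ("stored after redacting one email address", "not stored: looked like an API key"), which also turns the silent logging the finding describes into a visible, per-entry decision.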

VirusTotal

0/63 vendors flagged this skill; all 63 reported it clean.


Static analysis

No suspicious patterns detected.