Security audit

new-self-improving

Security checks across malware telemetry and agentic risk

Overview

This skill transparently creates local learning and memory files for an agent, with no evidence of hidden network access, credential use, or destructive behavior.

Install this only in workspaces where you want the agent to keep durable local memory. Periodically review .learnings and .self-improving, and consider requiring manual approval before promoting entries into AGENTS.md, SOUL.md, TOOLS.md, or MEMORY.md. Do not let it store secrets, health information, or private third-party data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 93%
Finding
The skill claims to perform ongoing logging, review, promotion, and maintenance of learnings, but the described concrete action is mainly running an initialization script and referencing external procedures that are not implemented here. This mismatch is dangerous because operators may trust the skill to persist corrections and memory safely when it may only create scaffolding, leading to silent failure of expected controls and possible misuse of workspace memory files.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The activation guidance is broad enough to trigger on many normal conversations, corrections, and maintenance moments, which can cause the agent to write to persistent memory too readily. In a self-improving skill, over-broad activation increases the chance of storing transient, incorrect, or sensitive user content without clear consent boundaries.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The feature-request trigger phrases like 'Can you also...' and 'I wish you could...' are common in ordinary dialogue and may cause routine conversation to be logged as durable feature requests. Because this skill is designed to persist learnings, such overlap can lead to noisy or privacy-impacting data capture and may influence later agent behavior based on casual remarks.

VirusTotal

66/66 vendors flagged this skill as clean.