Agent Essentials

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is coherent with its purpose: it helps agents find missing capabilities and save small learning notes, with the main persistence behavior disclosed.

Before installing, be comfortable with the agent saving concise lessons to local memory and suggesting additional ClawHub skills. Review any proposed changes to AGENTS.md, TOOLS.md, SOUL.md, or USER.md before approving, and avoid storing sensitive personal, credential, or project-confidential details in memory notes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Session Persistence

Medium

Category: Rogue Agent
Content: | `USER.md` | `~/.claude/USER.md` (always user-scoped) | | Daily memory | `~/.claude/memory/YYYY-MM-DD.md` (auto-create if missing) | If none exists and a write is approved, create at the project-root path (or `~/.claude/` for `USER.md`) and tell the user "creating new file `<path>`." ## Decision Tree
Confidence: 89% confidence
Finding: write is approved, create at the project-root path (or `~/.claude

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal