Security audit

Heleni Best Practices

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed update checker, but it can change persistent agent behavior from mutable external content without clear approval for every change.

Install only if you trust the Heleni PA Skills source and want it influencing agent self-improvement. Before enabling the daily schedule, require visible diffs and explicit approval for every change to SOUL.md, AGENTS.md, HOT.md, skill descriptions, installed skills, or any other persistent agent behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill permits silent local writes to `.learnings/...` and skill metadata updates without clearly surfacing those side effects in the user-facing description. In an agent setting, undisclosed persistence is risky because a routine check can modify local state without explicit user awareness, making auditability and consent weaker.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.