
Security audit

Proactive Pa

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to make an assistant proactive, but it includes under-scoped autonomous messaging and persistence behavior that users should review before installing.

Install only if you intentionally want scheduled proactive behavior. Before use, remove any fixed recipient defaults, require explicit approval for every external message or a clearly bounded opt-in rule, document and limit memory writes, and make sure scheduled jobs can be reviewed and disabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
This skill explicitly provides a cron pattern that sends autonomous WhatsApp alerts to a hard-coded external phone number. That exceeds passive behavior guidance and creates a real capability for unreviewed outbound communications, which can leak sensitive information, spam a recipient, or trigger actions outside the user's current consent.

Intent-Code Divergence

High
Confidence: 96%
Finding
The skill's guardrail says to always ask before sending messages to others, but earlier sections instruct autonomous cron-based WhatsApp delivery and proactive check-ins. This contradiction is dangerous because the more specific operational instructions can override the safety rule in practice, leading the agent to message external parties without fresh approval.

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger phrases are broad conversational language such as 'be proactive' and 'take initiative,' which can cause accidental activation during ordinary user interactions. Unintended activation is risky here because the skill enables autonomous checks, memory updates, and notification behaviors that may run without the user realizing this skill is in effect.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill directs the agent to track heartbeat state in a memory file and to perform ongoing memory compaction without clearly warning the user that autonomous state writes will occur. Hidden persistence can create privacy, integrity, and surprise risks, especially if the agent stores behavioral metadata or updates long-lived memory outside the user's awareness.

Missing User Warnings

High
Confidence: 95%
Finding
The cron setup example includes autonomous outbound WhatsApp messaging, but the skill description does not clearly disclose that activating this skill may result in external communications. This is dangerous because users may interpret the skill as internal behavior guidance while it actually enables real-world notifications to external recipients.

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.