knowledge-internalizer-pro

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed knowledge-building helper whose main caveat is that it saves generated learning materials into local long-term memory.

Install this only if you want research outputs and self-assessment reports saved locally and reused in later conversations. Review or delete the saved topic folders and MEMORY.md entries if you use sensitive, proprietary, or regulated subjects.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly instructs persistent writes into a long-term memory directory and updates a global index file, but provides no requirement to obtain explicit user consent, preview the content, or scope the write to a session-local area. In an agent environment, this can cause unintended retention of user-provided or model-generated data, cross-session leakage, and silent modification of persistent state that later affects behavior.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal