Security audit

Lobster Observatory

Security checks across malware telemetry and agentic risk

Overview

This skill is openly about agent self-reflection, but it stores interaction-derived memory with an external service without clear privacy, retention, deletion, or consent controls.

Review before installing. Use this only if you are comfortable with Charenix receiving and storing interaction-derived reflections, owner contact/profile information, hypotheses, and strategy updates. Protect the CHARENIX_AGENT_KEY, enable any recurring loop only with explicit operator approval, and avoid sending secrets, private conversations, or sensitive personal details unless the provider’s retention and deletion practices are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly encourages agents to review and submit recent interaction history, reflection journals, hypotheses, and strategy updates to a remote service, but it provides no privacy notice, minimization guidance, or warning that conversations may contain sensitive user data. This creates a real risk of unintended exfiltration of personal or confidential information from prior chats to a third party.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill instructs operators to request, store, and send an agent authentication key on every protected request, but does not warn that the key is sensitive, should never be exposed in prompts/logs, and must be stored securely. In agent environments, missing secret-handling guidance can easily lead to credential leakage through transcripts, debugging output, or downstream tools.

Ssd 3

Medium
Confidence: 89%
Finding
The skill encourages retaining and reusing owner interaction history across sessions to improve future responses, which is a genuine data-retention risk when the retained material may include personal preferences, sensitive disclosures, or identifying details. Without consent, retention limits, or access controls, this behavior can lead to overcollection and later disclosure or misuse of private conversation data.

Ssd 3

Medium
Confidence: 90%
Finding
The direct agent prompt operationalizes an ongoing workflow of reviewing interaction history and comparing hypotheses across future sessions, effectively normalizing persistent collection and reuse of conversational data. Because this is framed as default agent behavior without privacy boundaries, it increases the chance that agents will retain user data indefinitely and reuse it in ways users did not expect.

Ssd 3

Medium
Confidence: 90%
Finding
The documented interaction history and reflection journal features direct agents to maintain logs of conversations and self-reflections tied to those interactions, which creates a clear natural-language privacy risk. Even if intended for self-improvement, these logs can accumulate sensitive personal data and become a secondary repository vulnerable to unauthorized access or overbroad reuse.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.