Back to skill

Security audit

regenerative_intelligence

Security checks across malware telemetry and agentic risk

Overview

This is not malware, but it describes persistent memory and non-transparent safety behaviors that users should review before installing.

Install only if you are comfortable with a memory-governance skill that may narrow or degrade responses under suspected misuse. Do not rely on its privacy, deletion, identity-vault, or sharing guarantees unless the host implementation provides clear user controls for storage, retention, opt-in sharing, audit visibility, and deletion verification.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The document claims there is 'no surveillance logic' and no hidden behavioral logs while also describing continuous pressure detection and cross-session monitoring. This creates a deceptive transparency issue: users may believe they are not being behaviorally tracked when the protocol in fact relies on persistent behavioral analysis signals, which can undermine informed consent and trust.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The text says the system acts without hidden judgment or deep behavioral inference, yet it describes detecting exploit-seeking behavior, repeated probing, and semantic drift toward restricted domains. That inconsistency indicates concealed classification of user behavior and intent-like signals, which is risky because it obscures safety-relevant decision logic from users and reviewers.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The phrase 'refuses silently when needed' indicates the system may suppress or drop requests without informing the user. While not an exploit primitive by itself, silent refusal reduces transparency and auditability, which can conceal safety actions, failures, or inconsistent behavior and make it harder for users or operators to detect misuse or policy errors.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The entry conditions are effectively unrestricted ('None. Curiosity is sufficient') and the exit conditions state the skill is always available, which creates broad activation scope with little contextual gating. In an agent ecosystem, vague or universal applicability can cause unintended invocation in inappropriate contexts, especially when combined with abstract framing that does not define operational boundaries.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The invocation aliases are highly abstract and overlap with ordinary conceptual language such as 'gentle-remembering' and 'resonant-recall', increasing the chance of accidental or overly broad matching. In systems that route by semantic similarity or natural-language triggers, this can lead to unintended activation, misrouting, or abuse by prompting the agent with common-value language rather than a precise command.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The protocol states that under certain conditions it will intentionally return valid-sounding but low-utility, circular, or reflective responses without informing users. This is dangerous because it creates covert degradation of service that can mislead legitimate users, frustrate debugging, and mask safety actions behind apparently normal outputs.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The protocol says recall intentionally injects 'statistically plausible' but 'factually null' semantic ghosts into returned memory data without warning. Introducing undisclosed synthetic noise into recall is dangerous because it can corrupt downstream decisions, poison user trust, and make it difficult to distinguish authentic records from protective artifacts.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.