Auto Loop

Security checks across malware telemetry and agentic risk

Overview

This is a local scheduling helper whose repeated execution, retries, and state files match its stated purpose, with no evidence of hidden data access or exfiltration.

Install only if you want a local task scheduler. Review any task handler before enabling it, because the handler code is what may touch files, networks, or services. Use low retry counts for sensitive actions, know how to stop or unschedule jobs, and expect local JSON state files under auto-loop-state.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger conditions and usage examples are broad enough to match many generic automation requests, which can cause the skill to activate in situations where the user may not expect persistent or recurring execution. In a scheduling skill, overbroad activation increases the chance of unintended task execution, repeated actions, or conflict with safer, more specific skills.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill describes scheduled execution and automatic recovery without warning users that tasks may run repeatedly, retry after failure, and continue operating beyond the initial interaction. That omission can lead users to authorize actions without understanding persistence, repeated side effects, resource consumption, or the risk of re-running destructive tasks.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal