Autonomous Learning Cycle

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed autonomous learning system, but it enables persistent scheduled automation, writes new tasks and skills, and runs shell-based external discovery without enough scoping or user control.

Install only if you intentionally want a persistent autonomous background system. Before enabling it, inspect the exact scheduled jobs, run it in a contained workspace, fix or disable the npx-based discovery command, require manual approval before adding generated tasks or using generated skills, and confirm how to remove all scheduled jobs and generated files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Intent-Code Divergence

High
Confidence: 96%
Finding
This is a real integrity bug: createSkillFromPattern mutates an in-memory pattern object, but savePatterns() reloads patterns from disk and writes that fresh copy back, so convertedToSkill/convertedAt are lost. In an automation engine that scans and auto-creates skills, this can cause repeated creation attempts, inconsistent state, and corrupted workflow history rather than a direct code-execution issue.

Missing User Warnings

Medium
Confidence: 88%
Finding
This markdown actively instructs users to install the skill, run initialization scripts, configure cron, and start the system, while also promoting recurring automated jobs such as every-17-minute execution and daily/weekly reflection tasks. Even though this file is documentation rather than executable code, it encourages persistence and unattended execution without prominently warning about system modification, resource consumption, or the security implications of scheduled task registration.

Missing User Warnings

Medium
Confidence: 91%
Finding
The document promotes a '17-minute autonomous cycle' and automatic reflection/skill creation, but does not warn that these features may execute persistently and make ongoing changes without active user review. In a skill that explicitly emphasizes autonomy and scheduled behavior, omission of safety caveats can mislead users into enabling system-impacting automation they do not fully understand.

Missing User Warnings

Medium
Confidence: 97%
Finding
The release summary lists setup-cron.js and startup steps in a way that normalizes enabling persistent automation, but does not warn users that cron registration creates recurring background execution. That creates a real safety issue because users may install or publish the skill without understanding the persistence, execution frequency, or operational side effects.

Missing User Warnings

Medium
Confidence: 90%
Finding
The release notes explicitly advertise a timed autonomous loop and automatic skill creation, but do not warn that the system may continue running in the background and modify behavior or files over time. In a skill that claims 'autonomous learning' and 'self-evolution,' omission of these warnings can lead users to enable persistent automation without understanding the scope of ongoing changes.

Missing User Warnings

Medium
Confidence: 95%
Finding
The setup instructions tell users to run a cron configuration step, but do not clearly disclose that this creates persistent scheduled execution beyond the current session. That increases the risk of users unintentionally installing background automation that continues invoking local scripts and any side effects they perform.

Missing User Warnings

Medium
Confidence: 91%
Finding
The document promotes a system that 'continuously evolves without human intervention,' which normalizes reduced oversight while omitting safeguards, approval boundaries, or rollback expectations. In the context of an agent skill, encouraging unattended self-modification or autonomous skill generation materially increases the chance of unsafe, irreversible, or policy-violating changes.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly advertises autonomous task execution and automatic skill creation, but the documentation provides no warning that the system may modify files, create new skills, or act with reduced user oversight. In a self-modifying or self-extending agent context, lack of clear consent and scope boundaries increases the risk of unintended persistence, file changes, and privilege misuse.

Missing User Warnings

Medium
Confidence: 96%
Finding
The installation flow instructs users to run setup and start scripts that configure recurring cron jobs, but it does not clearly warn that this establishes background persistence. A persistently scheduled agent that runs every 17 minutes materially increases risk because it can continue executing, changing state, and consuming resources after the initial install.

Missing User Warnings

Medium
Confidence: 92%
Finding
The guide instructs users to create a public GitHub repository and push the current directory without warning that all tracked files may become publicly accessible. In a skill/project workspace, this can unintentionally expose sensitive artifacts such as configs, tokens, credentials, internal notes, or other local files that were not meant for publication.

Missing User Warnings

Medium
Confidence: 87%
Finding
The script executes an external command via `execSync` using data-derived search terms and does so without explicit user acknowledgement. Even though the category values appear to come from local queue data, this still causes network/package-tool activity and external code-path invocation in an automated workflow, which increases supply-chain and unsafe-execution risk in an agent context.

Missing User Warnings

High
Confidence: 96%
Finding
The default behavior is `auto`, which chains analysis, external discovery, task generation, and persistent queue updates without explicit user opt-in. In an autonomous agent setting, this is dangerous because merely invoking the script can trigger external subprocesses and alter long-lived state, enabling unintended propagation of unreviewed tasks and risky automation.

VirusTotal

65/65 vendors flagged this skill as clean.