Security audit

Proactivity.BAK

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only proactivity skill whose local memory and optional workspace integration are disclosed and aligned with its purpose, but users should review the persistence behavior before installing.

Install this only if you want the agent to keep persistent local notes in ~/proactivity/ and use them to act more proactively across sessions. Review any proposed AGENTS/SOUL/TOOLS/HEARTBEAT edits before approving them, keep secrets and sensitive data out of the state files, and delete or archive ~/proactivity/ if you want to reset the behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The setup creates a durable local memory, session state, heartbeat, patterns, and log system that persists user/task data beyond the immediate interaction. Even if intended to improve proactivity, this expands retention and behavioral influence in ways not clearly bounded by the skill's stated purpose, increasing privacy risk and the chance of overcollection or unintended reuse of sensitive context.

Context-Inappropriate Capability

Medium
Confidence: 85%
Finding
The skill instructs the agent to modify or prepare modifications to core workspace governance files (SOUL, AGENTS, HEARTBEAT, TOOLS), effectively changing global agent behavior and routing. This broadens the skill's authority from local proactivity into persistent workspace policy manipulation, which can silently influence future behavior across unrelated tasks if approved or adopted without careful review.

Vague Triggers

Medium
Confidence: 83%
Finding
The skill’s invocation guidance is broad enough to trigger on many normal requests that involve planning, anticipation, or maintaining momentum. In practice, this can cause the agent to activate proactive behaviors in contexts the user did not explicitly intend, increasing the chance of unwanted persistence, extra file reads/writes under ~/proactivity, or unsolicited follow-up behavior.

Vague Triggers

Medium
Confidence: 89%
Finding
The activation preferences section explicitly invites broad auto-activation conditions such as jumping in on blocked work, context drift, or missing next steps without requiring concrete trigger criteria, scope limits, or approval thresholds. In a proactive agent skill, this increases the chance of the agent acting on ambiguous signals, over-collecting context, or taking unintended actions beyond user expectations.

Ssd 3

Medium
Confidence: 91%
Finding
The instructions explicitly direct persistent logging of preferences, task state, blockers, partial findings, follow-ups, and action history across multiple files. This creates a structured surveillance and retention surface for potentially sensitive user and work information, with unclear minimization, consent, or retention boundaries.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.