Self-Improving Agent (CEO Edition)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local-memory skill that persists agent preferences and lessons; it shows no malicious or hidden behavior, but because it keeps cross-session state it should be enabled deliberately.

Install this only if you want the agent to keep local, cross-session memory about preferences, corrections, and workflow lessons. Review any AGENTS.md, SOUL.md, or HEARTBEAT.md changes before applying them, do not let it store secrets or sensitive personal data, and periodically inspect ~/self-improving/ so stale or unwanted entries can be edited or removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Vague Triggers
Severity: Medium
Confidence: 91%
Finding: The skill is designed to run broadly ('before starting work and after responding') and to persist behavior changes over time, which can cause it to activate in many ordinary conversations without clear user consent. In a memory-writing skill, over-broad activation increases the chance of unnecessary collection, storage, and reinforcement of user-specific preferences or corrections from routine interactions.

Vague Triggers
Severity: Medium
Confidence: 94%
Finding: Several trigger phrases are common conversational language ('Actually...', 'I prefer...', 'Stop doing X'), so the skill may treat normal dialogue as durable memory input. Because the skill stores and promotes patterns automatically, ambiguous triggers can create persistent, unintended records or rules based on context-specific remarks.

Vague Triggers
Severity: Medium
Confidence: 95%
Finding: The kill switch is triggered by a simple natural-language phrase, "forget everything," which can plausibly appear in ordinary conversation, quoted examples, tests, or adversarial prompt content. In a self-improving agent with persistent memory, this creates a realistic risk of unintended memory deletion or attacker-induced wiping of learned state, causing integrity and availability issues.

Missing User Warnings
Severity: Low
Confidence: 89%
Finding: The template instructs first-use creation of directories and files under the user's home directory without any warning, consent step, or explanation of persistence. In a self-improving agent context, silent creation of a long-lived storage area increases the chance of unexpected data retention and unauthorized local state changes, even if the commands themselves are not inherently destructive.

Missing User Warnings
Severity: Medium
Confidence: 96%
Finding: The skill explicitly states it will load and automatically modify a persistent memory file, including adding entries and compacting content, without any clear requirement for user consent or a confirmation step before writes. This creates a real integrity and privacy risk because the agent may persist sensitive or incorrect information across sessions and silently alter user data in a way the user did not authorize or notice.

Missing User Warnings
Severity: Medium
Confidence: 93%
Finding: The skill specifies automatic loading, searching, and writing of persistent memory files at session start and upon receiving corrections, but it does not require explicit user notice or consent before accessing or modifying stored data. In a self-improving agent, this creates a real privacy and integrity risk because the agent may persist sensitive user information or alter long-term memory unexpectedly, making the behavior more dangerous than in a non-persistent skill.

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding: The weekly maintenance workflow automatically moves, archives, and compacts memory data without clearly informing the user about retention periods or automated data lifecycle changes. This is dangerous because users may reasonably expect their stored information to remain where it was saved or to be deleted when forgotten, while background archival can preserve or relocate sensitive data in ways that are not transparent.

Missing User Warnings
Severity: Low
Confidence: 88%
Finding: This section describes maintaining and updating persistent memory/index files, including archiving and scheduled compaction, but does not mention any user-visible notice, consent boundary, or review step before modifying stored data. In a self-improving agent skill, silent persistence can cause the system to retain user preferences, project details, or behavioral inferences without clear awareness, increasing privacy and trust risks over time.

Missing User Warnings
Severity: Medium
Confidence: 92%
Finding: The skill instructs the agent to write to persistent files in the user's workspace immediately and repeatedly, including before the final response, without requiring explicit user consent at the time of modification. That creates a real risk of unauthorized workspace changes, hidden persistence of model-generated content, and contamination of future runs with unreviewed self-authored rules.

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding: These instructions direct edits to AGENTS.md and related steering/configuration documents while presenting them as routine setup, but they do not clearly warn that existing agent behavior and persistent configuration will be changed. Modifying control files in this way can silently alter future agent actions, expand automatic memory-writing behavior, and make the changes hard for users to notice or audit.

VirusTotal

66/66 vendors flagged this skill as clean.
