Self-Improving Agent

Security checks across malware telemetry and agentic risk

Overview

This skill persistently records local learning notes and optional reminders, but that behavior is disclosed and purpose-aligned: it does not exfiltrate data or take destructive actions.

Install this if you want a persistent local learning log for your agent. Review entries before promoting them into AGENTS.md, SOUL.md, TOOLS.md, CLAUDE.md, or Copilot instructions; avoid secrets and raw transcripts; prefer project-scoped hooks before global hooks; and pin or inspect the source if installing manually from GitHub.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding:
The document states that the scripts 'only output text' and 'don't modify files or run commands,' but the configuration explicitly registers them as shell command hooks. That misleading assurance can cause operators to trust and deploy executable hooks without appropriately reviewing script behavior, which increases the chance of unintended code execution under the agent's privileges.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The skill instructs the agent to create local directories and files during first use without consistently requiring an immediate user-facing warning or confirmation. Silent filesystem writes can surprise users, create persistence they did not authorize, and in sensitive environments may store metadata or operational details in places they did not intend.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding:
Using an empty matcher causes the hook to fire on every prompt, creating a broad automatic execution surface for the configured command. In a self-improvement skill, this means unreviewed script logic runs continuously across all interactions, increasing exposure to prompt-triggered abuse, sensitive-context handling mistakes, or operational instability.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
User-level global activation extends the broad hook behavior across all projects and sessions, magnifying the blast radius of any script defect or misuse. Because this skill is designed to capture learnings from many contexts, global installation makes inadvertent collection or processing of unrelated, potentially sensitive prompt content more likely.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding:
The Codex example also uses an unconstrained matcher, so the command hook executes for any prompt. That broad trigger scope is risky because it normalizes always-on command execution in another agent environment, where prompts may include secrets, proprietary code references, or unrelated tasks.

VirusTotal

64/64 vendors flagged this skill as clean.