DreamCycle

Security checks across malware telemetry and agentic risk

Overview

DreamCycle is a disclosed, user-run log analysis skill, but users should treat scanned session logs and retained trend history as potentially sensitive.

Install only if you are comfortable using the external `dreamcycle` Python package. Run it only on log folders you intend to analyze, avoid logs containing secrets when possible, and delete `~/.dreamcycle/scan_history.json` if you do not want local trend history retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly instructs users to scan session logs and states that trend history is stored at ~/.dreamcycle/scan_history.json, but it does not prominently warn about the privacy and persistence implications of doing so. Session logs may contain secrets, prompts, internal data, or personal information, so silent analysis and local retention can expose sensitive information to other local users, backups, or later unintended processing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal