Self Improving Agent

Security checks across malware telemetry and agentic risk

Overview

Despite its name, this skill is a broad SkillBoss API gateway with email, SMS, scraping, and document-processing capabilities packaged as a self-improving-agent skill, so it needs careful review before use.

Install only if you intend to give the agent a broad SkillBoss API gateway, not just a memory or self-improvement helper. Use a limited API key where possible, avoid sending confidential documents or personal data unless you trust the provider chain, and require explicit user approval before any email, SMS, OTP, scraping, or document-processing action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Description-Behavior Mismatch

High (98% confidence)
The manifest and description claim this is a self-improving learning/corrections skill, but the file actually exposes a broad third-party API gateway with capabilities including chat, search, document parsing, email, and SMS. This scope mismatch is dangerous because it can mislead operators and policy checks into granting a skill access to powerful external-action capabilities that are unrelated to its declared purpose.

Context-Inappropriate Capability

Medium (95% confidence)
Email sending is an external-action capability that is not justified by the stated self-improving-agent purpose. When hidden inside a misleadingly described skill, it could be abused for unauthorized outbound communication, phishing, spam, or data exfiltration under the guise of benign learning functionality.

Context-Inappropriate Capability

Medium (95% confidence)
SMS verification and OTP handling are sensitive external-action capabilities unrelated to the declared self-improvement purpose. This creates risk of deceptive use for phone-number collection, unsolicited messaging, account workflow abuse, or hidden verification flows not expected by a user reviewing the manifest.

Context-Inappropriate Capability

Medium (91% confidence)
Web search and scraping are broader data-acquisition capabilities than the stated self-improving purpose suggests. In context, the problem is not that search exists at all, but that the skill conceals broad external retrieval functions behind an unrelated description, increasing the chance of unreviewed data collection and transmission.

Intent-Code Divergence

Medium (97% confidence)
The heading and introduction frame the skill as self-improvement related, but the body is a generic SkillBoss API catalog. This deceptive packaging undermines user and reviewer understanding of the real privileges and behaviors of the skill, making risky capabilities easier to smuggle through review.

Description-Behavior Mismatch

Medium (87% confidence)
The documented tool surface includes email, SMS, document parsing, and presentation generation, which materially exceeds a narrowly described self-improvement capability. This scope expansion increases the chance of unsafe or unauthorized actions such as outbound messaging, mass notification, or processing sensitive documents, especially if downstream policy and consent controls are weak or absent.

Missing User Warnings

Medium (96% confidence)
The skill instructs users to transmit potentially sensitive content such as documents, audio, search queries, email addresses, phone numbers, and OTP-related data to an external API without any privacy, retention, or third-party sharing warnings. This is dangerous because users may unknowingly send confidential or regulated data off-platform, and the skill’s misleading scope further reduces informed consent.

Missing User Warnings

Low (83% confidence)
The example downloads remote content and writes it to a local file without warning that local file creation occurs. While common in documentation, this can still surprise users or agents by causing unreviewed filesystem side effects and storing untrusted remote content locally.

Vague Triggers

Low (84% confidence)
The file enumerates broad search and scraping capabilities without any invocation criteria, policy boundaries, or user-consent requirements. In an agentic system, unclear activation scope can enable overcollection of external data or use of high-impact tools in contexts where the user did not intend web search or scraping, increasing privacy and compliance risk.

Missing User Warnings

Medium (90% confidence)
The descriptions include profile and data-extraction capabilities such as LinkedIn person/company lookup and structured scraping but omit warnings about privacy, terms-of-service, and collection of personal or sensitive information. In an agent skill, presenting these capabilities without cautionary constraints can normalize unsafe data gathering and lead to improper collection or downstream misuse of personal data.

VirusTotal

64/64 vendors flagged this skill as clean.