Max-Self-Improvement

Security checks across malware telemetry and agentic risk

Overview

This is a coherent memory skill, but it needs review because it can persist conversation-derived context and raw error output with weak consent, redaction, and deletion boundaries.

Install only if you intentionally want a cross-session memory and self-improvement system. Before use, add rules requiring confirmation before writes, avoid storing raw command output or full context, redact secrets and personal data, and define a way to review, expire, and delete saved memories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger list includes very broad natural-language phrases like 'improve your response', 'do you remember', and 'record this lesson', which are likely to appear in ordinary conversation. That can cause unintended activation of memory-writing behaviors and persistence workflows without the user's informed intent, especially in multi-purpose chat contexts.

Vague Triggers

Medium
Confidence: 96%
Finding
Phrases like 'Can you also...', 'I wish you could...', and 'Is there a way to...' are common conversational patterns, not reliable consent signals for durable logging. Automatically treating them as feature-request events creates a high risk of over-collection and unintended retention of routine user statements.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill describes persistent cross-session memory and continuous learning but does not clearly warn users that conversation-derived content may be stored long term. Without a conspicuous notice and consent boundary, users may disclose sensitive information under the assumption that it is ephemeral.

Vague Triggers

Medium
Confidence: 90%
Finding
The template includes placeholder trigger phrases such as "When user says..." and "When situation..." that are so broad they could be copied into a real skill without meaningful activation boundaries. In a skill framework, ambiguous triggers can cause unintended activation, routing, or execution in contexts the author did not intend, which increases the chance of unsafe or irrelevant behavior.

Vague Triggers

Medium
Confidence: 92%
Finding
The entry point section defines conditions and actions with placeholders like "When..." and "Do..." but provides no structure for guardrails, preconditions, or when the skill must not run. If reused as-is or followed loosely, this can lead to overbroad entry points that activate in unintended contexts and perform actions without sufficient scoping or safety checks.
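The four trigger findings above make one point: phrases that occur in ordinary conversation are not consent signals. The following added example (not the skill's own trigger code, and not SkillSpector's) scores the broad phrases quoted in the findings against a small constructed set of utterances, then does the same for an assumed scoped design in which the memory write must be an explicit command (a verb, an object naming the memory kind, and nothing else on the line). The `SAMPLES` list, the `SCOPED` pattern and the function names are illustrative assumptions.

```python
"""Broad conversational triggers vs. an explicit-command trigger (added example)."""
import re
from typing import Callable, List, Tuple

# Trigger phrases quoted in the findings, matched the naive way: case-insensitive substring.
BROAD_TRIGGERS = [
    "improve your response", "do you remember", "record this lesson",
    "can you also", "i wish you could", "is there a way to",
]


def broad_match(utterance: str) -> bool:
    """Fires whenever any broad phrase appears anywhere in the utterance."""
    text = utterance.lower()
    return any(phrase in text for phrase in BROAD_TRIGGERS)


# Assumed scoped design: an explicit command at the start of the line, naming
# what kind of memory is being written. Anything else does not activate the skill.
SCOPED = re.compile(
    r"^\s*/?(remember|save|record)\s+(this|that|the following)\s+(as\s+a\s+)?"
    r"(lesson|preference|note)\b",
    re.IGNORECASE,
)


def scoped_match(utterance: str) -> bool:
    return SCOPED.match(utterance) is not None


# Constructed utterances paired with the user's actual intent to persist something.
SAMPLES: List[Tuple[str, bool]] = [
    ("Do you remember what the Beatles' first album was?", False),
    ("Can you also run the tests?", False),
    ("I wish you could see my screen right now.", False),
    ("Is there a way to sort this list in place?", False),
    ("Could you improve your response? It's too long.", False),
    ("Remember this as a preference: always use tabs", True),
    ("/record this lesson: pin dependency versions in CI", True),
    ("save this as a note: staging DB is read-only on Fridays", True),
]


def evaluate(matcher: Callable[[str], bool]) -> Tuple[int, int]:
    """Return (false_activations, missed_requests) for a trigger matcher over SAMPLES.

    A false activation is a memory write started without intent; a miss is an
    explicit request the matcher ignored.
    """
    false_activations = sum(1 for text, intent in SAMPLES if matcher(text) and not intent)
    missed = sum(1 for text, intent in SAMPLES if intent and not matcher(text))
    return false_activations, missed


if __name__ == "__main__":
    for name, matcher in (("broad", broad_match), ("scoped", scoped_match)):
        print(name, "false activations / missed:", evaluate(matcher))
```

On this constructed set the broad matcher starts a memory write on every one of the five ordinary questions and still misses two of the three explicit requests, because "remember" and "save" do not appear in its phrase list; the scoped pattern fires on exactly the three explicit requests. The numbers are only as good as the sample set, but the shape of the result is what the findings describe: substring triggers trade precision for recall in the direction that hurts privacy.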

Missing User Warnings

Medium
Confidence: 95%
Finding
The document explicitly defines persistent memory files and promotion of conversational/task data into longer-term storage, but provides no consent, notice, retention controls, or data-minimization guidance. This creates a privacy and data-governance risk because user content, tool outputs, and inferred preferences may be stored beyond the immediate session without the user's knowledge.

Missing User Warnings

High
Confidence: 99%
Finding
Stating that user preferences are kept '永不删除' (never deleted) is a strong signal of indefinite retention without consent or lifecycle controls. Permanent storage of preference data can accumulate sensitive inferences over time, increasing privacy exposure, regulatory risk, and harm if the memory store is later accessed, leaked, or misused.

Missing User Warnings

Medium
Confidence: 93%
Finding
The architecture describes saving raw episodic cases and preserving state across restart for context recovery, which can capture substantial task/context data without informing the user. Raw case storage especially raises the chance of retaining sensitive prompts, outputs, errors, and identifiers that were only intended for transient use.

Missing User Warnings

Medium
Confidence: 85%
Finding
The script persists raw error output into a markdown file under a hidden learnings directory without any notice, consent, redaction, or sensitivity checks. Command output frequently contains secrets, tokens, file paths, stack traces, or user data, so this creates a privacy and credential exposure risk if the log is later read, synced, or committed.

Ssd 3

Medium
Confidence: 97%
Finding
The skill is explicitly designed to persist user preferences, project context, lessons, and session data into long-term memory files across sessions. Because the instructions are broad and not paired with sensitivity screening or data-minimization controls, the system can retain secrets, personal data, or confidential project information and later surface it in unrelated contexts.

Ssd 3

Medium
Confidence: 98%
Finding
The templates direct the agent to log 'Full context', command inputs, parameters, environment details, error output, and user context into persistent files. Those fields are exactly where tokens, credentials, proprietary code paths, personal data, and incident details often appear, making this a direct retention and later-exposure risk.

Ssd 3

Medium
Confidence: 95%
Finding
The promotion rules encourage transferring behavioral patterns, workflow details, tool tips, and project facts into long-term memory stores without any review for confidentiality or appropriateness. This increases the chance that transient, sensitive, or context-specific information becomes durable and later accessible beyond its original purpose.
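The overview asks for four controls before this skill is used: confirmation before writes, no raw command output or full context, redaction of secrets and personal data, and a way to review, expire and delete memories. The retention findings above (raw error output logged to a learnings file, "full context" templates, preferences kept forever, promotion rules with no confidentiality review) are the failure modes those controls address. The added example below shows one way to implement all four together. It is not the skill's code and not SkillSpector's; the `SECRET_PATTERNS` list, the size and lifetime caps, the `MemoryStore` API and the `RAW_ERROR` sample are assumptions made for illustration.

```python
"""Gated memory writer: redact, bound, confirm, expire, delete (added example)."""
import re
import time
import uuid
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Hypothetical detectors for material that commonly lands in command output.
# Order matters: header-level rules run before token-level rules so that a
# Bearer header is redacted as a unit.
SECRET_PATTERNS: List[Tuple[re.Pattern, str]] = [
    (re.compile(r"(?i)\b(\w*(?:api[_-]?key|token|secret|password))\s*[:=]\s*\S+"), r"\1=<redacted>"),
    (re.compile(r"\bBearer\s+[A-Za-z0-9._~+/=-]+"), "Bearer <redacted>"),
    (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "<redacted-aws-access-key>"),
    (re.compile(r"\bghp_[A-Za-z0-9]{36}\b"), "<redacted-github-token>"),
    (re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), "<redacted-email>"),
    (re.compile(r"/(?:home|Users)/[^/\s]+"), "/<redacted-home>"),
]


def redact(text: str) -> Tuple[str, int]:
    """Return (redacted_text, number_of_substitutions)."""
    total = 0
    for pattern, replacement in SECRET_PATTERNS:
        text, n = pattern.subn(replacement, text)
        total += n
    return text, total


@dataclass
class Memory:
    id: str
    kind: str          # e.g. "preference", "lesson", "error"
    content: str       # already redacted and size-bounded
    created: float
    expires: float     # every memory has a finite lifetime; no "never deleted"
    redactions: int    # how much was stripped, shown to the user at review time


class MemoryStore:
    MAX_CHARS = 400      # never persist "full context": keep a bounded excerpt
    MAX_TTL_DAYS = 365   # assumed cap; even preferences get a review date

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock
        self._pending: Dict[str, Memory] = {}
        self._saved: Dict[str, Memory] = {}

    def propose(self, kind: str, content: str, ttl_days: int = 30) -> Memory:
        """Stage a memory for the user to see. Nothing persists until confirm()."""
        clean, n = redact(content)
        if len(clean) > self.MAX_CHARS:
            clean = clean[: self.MAX_CHARS] + " ...[truncated]"
        ttl = min(max(ttl_days, 1), self.MAX_TTL_DAYS)
        now = self._clock()
        memory = Memory(uuid.uuid4().hex, kind, clean, now, now + ttl * 86400, n)
        self._pending[memory.id] = memory
        return memory

    def confirm(self, memory_id: str, approved: bool) -> Optional[Memory]:
        """Persist a staged memory only on explicit approval; otherwise drop it."""
        memory = self._pending.pop(memory_id)
        if not approved:
            return None
        self._saved[memory.id] = memory
        return memory

    def review(self) -> List[Memory]:
        return list(self._saved.values())

    def delete(self, memory_id: str) -> bool:
        return self._saved.pop(memory_id, None) is not None

    def purge_expired(self) -> List[str]:
        """Remove memories past their expiry; return the ids removed."""
        now = self._clock()
        gone = [mid for mid, m in self._saved.items() if m.expires <= now]
        for mid in gone:
            del self._saved[mid]
        return gone


# Constructed sample of the raw error output a "record this lesson" hook might capture.
RAW_ERROR = """Traceback (most recent call last):
  File "/home/alice/proj/deploy.py", line 12, in <module>
    client = Client(token="ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij")
requests.exceptions.HTTPError: 401 Unauthorized for https://api.github.com/user
Authorization: Bearer ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE contact alice@example.com
"""


def demo() -> Dict[str, object]:
    clock = [1_000_000.0]                      # fake clock so expiry is testable
    store = MemoryStore(clock=lambda: clock[0])
    error_note = store.propose("error", RAW_ERROR, ttl_days=7)
    store.confirm(error_note.id, approved=True)
    pref = store.propose("preference", "user prefers tabs", ttl_days=10_000)  # capped to 365
    store.confirm(pref.id, approved=False)     # user declined: nothing written
    clock[0] += 8 * 86400                      # eight days later
    purged = store.purge_expired()
    return {"saved": error_note, "purged": purged, "remaining": len(store.review())}


if __name__ == "__main__":
    result = demo()
    print(result["saved"].content)
    print("redactions:", result["saved"].redactions, "purged:", result["purged"])
```

The redaction step is deliberately greedy (the `token=...` rule consumes the rest of the shell word, closing parenthesis included) because over-redacting a log excerpt costs nothing, while under-redacting it is exactly the exposure the findings describe. The `redactions` count travels with the memory so the review view can show the user that something was stripped. Pattern lists like this never catch everything, which is why the size bound and the confirmation step sit in front of the write rather than relying on redaction alone.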

VirusTotal

64/64 vendors flagged this skill as clean.
