
Security audit

Agent Autonomy Kit

Security checks across malware telemetry and agentic risk

Overview

This skill openly enables unattended autonomous agent work, but it gives broad scheduled authority without enough scoping or safety controls.

Install only if you intentionally want scheduled, unattended agent activity. Before enabling cron jobs, define allowed task types, writable paths, external posting rules, spending or token limits, logging, and a simple way to disable the schedules. Avoid using it in sensitive or production workspaces until those controls are in place.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Missing User Warnings

Medium
Confidence: 92%
Finding
The README explicitly encourages autonomous work, file updates, and team-channel posting on a recurring schedule without requiring explicit user consent, approval gates, or safeguards around what data may be written or shared. In an autonomy-focused agent skill, this increases the chance of unintended state changes, data leakage to collaboration channels, and persistent actions being taken without a human noticing in time.

Vague Triggers

Medium
Confidence: 83%
Finding
The description 'Stop waiting for prompts. Keep working.' is broad and encourages autonomous behavior without defining boundaries, authorization, or trigger conditions. In an agent skill, this can cause the agent to continue acting beyond explicit user intent, increasing the risk of unauthorized actions, resource consumption, or unexpected side effects.

Vague Triggers

Medium
Confidence: 86%
Finding
The phrase 'Transform your agent from reactive to proactive' promotes behavior change toward self-directed action but does not specify when proactive execution is allowed. That ambiguity is risky because it may normalize unsupervised task initiation or persistence in environments where agents should act only on explicit user requests.

Missing User Warnings

Medium
Confidence: 92%
Finding
The quick-start instructions explicitly recommend cron jobs for overnight work and daily reports, but they do not warn users that this enables scheduled autonomous operation with potentially persistent effects. In the context of an agent skill centered on continuous operation, that omission is significant because it can lead to unattended execution, unintended changes, data exposure through reports, and runaway automation.

Vague Triggers

Medium
Confidence: 95%
Finding
The work-mode section instructs the agent to autonomously read a task queue, choose tasks, perform work, and continue iterating if resources remain, without requiring explicit user confirmation or meaningful scope limits. In an agent skill marketed as 'Stop waiting for prompts. Keep working.', this materially increases the risk of unintended actions, privilege overreach, and execution of stale or adversarially planted tasks.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill tells the agent to update the queue, log work to memory files, and add newly discovered tasks, but provides no warning that these are project state changes that may be user-visible, sensitive, or governance-relevant. This can lead to silent modification of tracking artifacts, accidental corruption of operational records, or persistence of misleading data introduced during autonomous execution.

VirusTotal

64/64 vendors flagged this skill as clean.
