16 Self Improving Agent Proactive Self Reflection

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local memory skill, but it gives the agent broad persistent memory and steering-file influence that users should review before installing.

Install only if you want a durable local memory system that can influence future agent behavior. Prefer Passive or Strict mode, require confirmation before new memories are written, review any proposed AGENTS.md, SOUL.md, or HEARTBEAT.md edits, and periodically inspect or delete ~/self-improving/ if it contains sensitive or outdated information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Description-Behavior Mismatch

Severity: Medium | Confidence: 94%

The documented behavior goes well beyond short-lived self-reflection and instead defines a persistent user-memory system with search, deletion, export, indexing, and lifecycle management. That creates an unnecessary data-retention surface where user preferences, corrections, and project information may be stored and reused across sessions without strong purpose limitation.

Context-Inappropriate Capability

Severity: Medium | Confidence: 95%

A full memory export/download feature materially increases data exfiltration risk because it enables bulk extraction of everything the agent has accumulated about the user or their projects. For a skill advertised as self-reflection, this capability is not necessary and expands the blast radius of any misuse, prompt injection, or accidental disclosure.

Context-Inappropriate Capability

Severity: Medium | Confidence: 92%

Scheduled maintenance, archival, tiering, and compaction turn the skill into a storage-management subsystem rather than a self-reflection aid. These background processes can preserve and redistribute sensitive information over time, making retention harder for users to understand and increasing the chance of stale or forgotten data being surfaced later.

Vague Triggers

Severity: Medium | Confidence: 91%

The activation guidance is overly broad because it instructs the agent to run this skill before starting work and after every response, causing pervasive self-invocation and persistent memory activity across unrelated tasks. In a memory-writing skill, that broad trigger increases the chance of unnecessary collection, retention, or propagation of user-provided data and amplifies any mistakes in what gets logged.

Missing User Warnings

Severity: Low | Confidence: 96%

The template explicitly instructs creating directories and files under the user's home directory on first activation, but provides no user warning, confirmation step, or description of the filesystem side effects. In an agent skill, silent persistence and local state creation are security-relevant because they can surprise users, violate least astonishment, and normalize unauthorized writes that could be abused in broader workflows.

Missing User Warnings

Severity: Medium | Confidence: 93%

The skill states it will load a persistent memory file on every session and update it automatically based on usage patterns, but it does not provide an explicit warning, consent flow, or clear boundaries for what may be stored. This creates a privacy and integrity risk because user data, preferences, or sensitive context could be persisted and modified across sessions without the user's informed approval.

Missing User Warnings

Severity: Medium | Confidence: 96%

The skill describes automatic loading of memory on session start and automatic writes on correction receipt, but gives no user-facing notice that persistent files will be accessed and updated. This undermines informed consent and can lead users to reveal preferences, project details, or corrections without realizing they are being durably stored and reused.

Missing User Warnings

Severity: Medium | Confidence: 94%

Automated weekly archival and compaction change where user data lives and how long it persists, yet the document does not warn users about those retention and movement behaviors. Hidden background retention processes are dangerous because they make deletion expectations unreliable and obscure the real lifecycle of stored information.

Missing User Warnings

Severity: Medium | Confidence: 89%

The guidance instructs the agent to archive and compact memory contents, including moving data to COLD storage and summarizing prior records, but it provides no user-facing notice, consent requirement, or retention boundary. In a self-improving memory skill, silent modification of stored user context can change what data is retained, how it is represented, and whether sensitive historical information remains accessible, creating privacy and integrity risks.

Missing User Warnings

Severity: Medium | Confidence: 91%

The recovery steps authorize rebuilding memory from other files and logging incidents without explaining reconstruction scope, retention implications, or what data sources may be reused. In this skill context, that is risky because a self-learning agent may reconstitute previously minimized or archived user data and generate additional logs containing sensitive preferences or project details without explicit approval.

VirusTotal

66/66 vendors flagged this skill as clean.
