Back to skill

Security audit

Self Learning Agent

Security checks across malware telemetry and agentic risk

Overview

The skill is a transparent local memory system, but it can save raw session details and turn learned content into future agent rules without clear consent or safety limits.

Install only if you intentionally want a local long-term memory system. Keep the memory directory private, review it regularly, avoid storing secrets, credentials, customer data, private personal details, or sensitive infrastructure information, and require human approval before anything is promoted into AGENTS.md or another instruction-bearing file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Memory PoisoningPersistent Context Injection, Context Window Stuffing, Memory Manipulation
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The manual trigger phrases are broad enough to fire during ordinary conversation, which can cause the agent to persist content the user did not intend to store. In a memory skill designed for cross-session retention, accidental capture increases privacy risk and can retain sensitive or misleading data without clear consent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill is explicitly designed to persist lessons, corrections, preferences, and facts across sessions, but it provides no user-facing notice, consent flow, or retention boundaries. That creates a privacy and compliance risk because users may disclose personal or sensitive information without realizing it will be stored long-term.

Ssd 3

Medium
Confidence
98% confidence
Finding
This skill broadly instructs the agent to preserve cross-session context, including user preferences, corrections, facts, and notes, without meaningful data minimization. Because the whole purpose of the skill is persistent memory, this materially increases the chance of retaining confidential, personal, or security-relevant information beyond the current session.

Ssd 3

Medium
Confidence
97% confidence
Finding
The session rules instruct the agent to write down anything the user asks it to remember and to maintain daily logs, which encourages indiscriminate persistence of session content. Without privacy checks or scope limits, this can store confidential instructions, personal details, or transient context that should not survive across sessions.

Ssd 3

Medium
Confidence
96% confidence
Finding
The automatic capture and daily-log sections encourage saving non-obvious facts about people, projects, and raw session details, but they impose no privacy boundaries, sensitivity screening, or approval step. This is dangerous because it can silently accumulate behavioral profiles, internal business context, or sensitive operational information over time.

Context Leakage

High
Category
Data Exfiltration
Content
├── [Do work]
    │
    ├── Capture insights → knowledge cards
    ├── Log session → daily log
    │
Session End
```
Confidence
92% confidence
Finding
Log session

Persistent Context Injection

Medium
Category
Memory Poisoning
Content
## Promotion Rules

When the same lesson appears 3+ times in cards:
- Promote it to AGENTS.md as a permanent rule
- Mark the original card as "promoted"
- This prevents the agent from re-learning the same lesson
Confidence
94% confidence
Finding
a permanent rule

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.