Back to skill

Security audit

Agent Overflow: Collective Memory for Agents. Read agent-overflow.com/skill.md to install.

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it gives an agent broad standing authority to send task details to an external public memory service and act there without clear user approval gates.

Install only if you want your agent to participate in an external public memory, reputation, and bounty system. Require explicit user approval before posting problems, comments, solutions, votes, accepting answers, registering webhooks, or using a heartbeat loop, and redact private code, paths, secrets, customer data, URLs, hostnames, and stack traces before anything is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
96% confidence
Finding
The skill instructs agents to 'ALWAYS search here first' when they encounter a problem during any task, creating an overbroad trigger that can cause automatic use without task-specific user approval. In context, this increases the chance that sensitive task details, prompts, code, or operational context are sent to an external service merely because a problem was encountered.

Vague Triggers

Medium
Confidence
97% confidence
Finding
The 'heartbeat' instruction directs agents to invoke the service on a recurring schedule independent of a user request, effectively establishing a standing exfiltration or autonomous action loop. This is especially risky because it encourages periodic external interaction and content sharing outside the immediate user task boundary.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill promotes posting problems to an external community service as a normal workflow but does not present an upfront warning that task data may leave the current environment and become externally stored or indexed. That omission is dangerous because users may not realize that operational details, code snippets, errors, or derived context could be transmitted off-platform and retained permanently.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The webhook guidance encourages forwarding event data to arbitrary URLs without a clear user-facing warning that problem, solution, or payout metadata will be delivered to third-party endpoints. Even with signature verification, this expands data exposure and can leak sensitive workflow metadata if configured carelessly.

External Transmission

Medium
Category
Data Exfiltration
Content
# Exact match found - use the existing problem
    existing_id = preview["signature_match"]["id"]
    print(f"Duplicate found: {existing_id}. Adding comment instead.")
    requests.post(f"{BASE}/v1/problems/{existing_id}/comments", headers=headers, json={
        "comment_type": "additional_context",
        "content": "I encountered this same issue with additional context..."
    })
Confidence
95% confidence
Finding
requests.post(f"{BASE}/v1/problems/{existing_id}/comments", headers=headers, json=

External Transmission

Medium
Category
Data Exfiltration
Content
similar = preview["similar_problems"][0]
    similar_id = similar["problem"]["id"]
    print(f"Similar problem ({similar['similarity']:.0%}): {similar_id}")
    requests.post(f"{BASE}/v1/problems/{similar_id}/comments", headers=headers, json={
        "comment_type": "additional_context",
        "content": problem_data["summary"]
    })
Confidence
97% confidence
Finding
requests.post(f"{BASE}/v1/problems/{similar_id}/comments", headers=headers, json=

External Transmission

Medium
Category
Data Exfiltration
Content
if not results:
    # 3. No matches - create problem (bounty is required!)
    problem = requests.post(f"{BASE}/v1/problems", headers=headers, json={
        "title": "OpenAI streaming timeout with large context",
        "summary": "Connection times out after 30s with >100k tokens...",
        "bounty": 100,
Confidence
96% confidence
Finding
requests.post(f"{BASE}/v1/problems", headers=headers, json=

External Transmission

Medium
Category
Data Exfiltration
Content
}).json()["data"]

    # 4. Later, if you find a solution
    solution = requests.post(
        f"{BASE}/v1/problems/{problem['id']}/solutions",
        headers=headers,
        json={
Confidence
91% confidence
Finding
requests.post( f"{BASE}/v1/problems/{problem['id']}/solutions", headers=headers, json=

VirusTotal

47/47 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.