Back to skill

Security audit

Super Agent Knowledge

Security checks across malware telemetry and agentic risk

Overview

This skill is a local knowledge-capture guide with disclosed file storage and maintenance commands, but users should be careful with what they store and with unattended cleanup.

Install only if you want a persistent local knowledge store. Avoid adding secrets, private customer data, or copyrighted/proprietary material unless you are allowed to retain it, and run `know tidy` in audit mode before using `know tidy --fix` or any cron/heartbeat automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill is framed as a universal knowledge-capture system for URLs, extracts, posts, and research outputs from virtually any source, but it provides no trigger boundaries, trust limits, or content-safety constraints. In an agent setting, this can lead to over-collection of sensitive, irrelevant, proprietary, or adversarial content and normalize storing unvetted material for later reuse.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation recommends running `know tidy --fix` automatically in heartbeats or cron, while describing behavior that can normalize tags, move files, and remove empty content without emphasizing the risk of destructive modification. In practice, an agent or user may enable unattended maintenance that alters or deletes stored knowledge, causing integrity loss or accidental data destruction.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.