Security audit

Daily Self Improvement

Security checks across malware telemetry and agentic risk

Overview

The skill largely produces the daily report it advertises, but it needs review before use: it ships a hardcoded fallback token for the local gateway, and it is preconfigured to push summaries built from local notes and logs to a Discord channel.

Review carefully before installing. Remove the hardcoded gateway token from the script and rotate it on the gateway; replace the Discord channel with one you control; keep Discord delivery disabled until you have inspected the exact payload it would send; and do not schedule it until the local write targets and the contents of the notes and logs it reads are acceptable to disclose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The script contains a hardcoded fallback bearer token and automatically uses it if the environment variable is absent. Embedding credentials in distributable code is dangerous because anyone with access to the skill can reuse the token to interact with the local gateway, potentially sending unauthorized messages or abusing any additional gateway capabilities tied to that credential.
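Two practical responses to this finding, as an added example rather than code from the audited skill or from SkillSpector: a fail-closed loader that refuses to start without the variable, and a small scanner that flags the `process.env.NAME || "literal"` fallback shape in a skill's scripts before you install it. The variable name GATEWAY_TOKEN, the token-shape rule and the sample source are assumptions; the skill's real identifiers are not shown on this page.

```javascript
// Added example, not the audited skill's code. Two checks for the
// "hardcoded fallback token" finding: a fail-closed loader and a scanner
// for the `process.env.NAME || "literal"` shape in a skill's scripts.
// GATEWAY_TOKEN, the token-shape rule and SAMPLE_SOURCE are assumptions.

// The risky shape the finding describes, kept only for contrast: when the
// variable is absent the literal shipped with the skill is used silently.
const HYPOTHETICAL_FALLBACK = "gw_example_do_not_use";
function loadGatewayTokenInsecure(env) {
  return env.GATEWAY_TOKEN || HYPOTHETICAL_FALLBACK;
}

// Fail closed: no fallback value exists in the code, and a malformed value
// is rejected rather than sent as an empty or garbage bearer header.
function loadGatewayToken(env) {
  const token = env.GATEWAY_TOKEN;
  if (typeof token !== "string" || token.trim() === "") {
    throw new Error("GATEWAY_TOKEN is not set; refusing to start");
  }
  // Assumed shape: opaque token of 16+ URL-safe characters.
  if (!/^[A-Za-z0-9._~+\/=-]{16,}$/.test(token)) {
    throw new Error("GATEWAY_TOKEN has an unexpected shape");
  }
  return token;
}

// Scanner for `process.env.NAME || "..."` and `?? "..."` fallbacks
// (dot and bracket access, any quote style). Reports 1-based line numbers
// like the static-analysis locations on this page, and marks names that
// look like credentials so a reviewer can prioritise them.
const FALLBACK_RE =
  /process\.env(?:\.([A-Za-z_]\w*)|\[\s*['"]([A-Za-z_]\w*)['"]\s*\])\s*(?:\|\||\?\?)\s*(['"`])((?:(?!\3).)+)\3/;
const SECRET_NAME_RE = /TOKEN|SECRET|KEY|PASS|AUTH|CRED/i;

function findHardcodedFallbacks(source) {
  const hits = [];
  source.split("\n").forEach((text, i) => {
    const m = FALLBACK_RE.exec(text);
    if (!m) return;
    const name = m[1] || m[2];
    hits.push({ line: i + 1, name, literal: m[4], secretLike: SECRET_NAME_RE.test(name) });
  });
  return hits;
}

// Constructed sample source for the scanner; not the audited run.cjs.
const SAMPLE_SOURCE = [
  'const http = require("http");',
  'const port = process.env.PORT || "3000";',
  'const token = process.env.GATEWAY_TOKEN || "gw_example_do_not_use";',
  "const channel = process.env['DISCORD_CHANNEL'] ?? '123456';",
  "const other = process.env.OTHER;",
].join("\n");

// Review output: secret-like fallbacks are the ones to remove and rotate.
for (const h of findHardcodedFallbacks(SAMPLE_SOURCE)) {
  console.log(`${h.secretLike ? "SECRET" : "info  "} line ${h.line}: ${h.name} falls back to "${h.literal}"`);
}
```

Run the scanner over every script in a skill before installing; a secret-like hit is the signal to remove the literal from the source and rotate the credential on the gateway, since anyone who received the package already has it.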

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The README explicitly describes aggregating failure logs, user corrections, and daily notes, then generating a report and pushing it to Discord, but it does not mention consent, redaction, minimization, or privacy boundaries. In this skill context, those sources are likely to contain sensitive prompts, personal notes, operational mistakes, or confidential workspace data, so exporting summaries to an external service creates a real data disclosure risk.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The skill description clearly states automation around collecting failure records, daily notes, and corrections, and later sending a generated report to Discord, but it does not prominently warn users that potentially sensitive user-authored history will be read and summarized for external transmission. This is dangerous because users may install or schedule it without understanding the privacy implications, leading to unintended disclosure of personal or internal information.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding
The package description indicates the skill runs automatically every night, collects the day's errors and problems, searches for improvement ideas, and pushes a report to Discord, but it does not define clear activation boundaries, consent requirements, or data-handling limits. In an agent ecosystem, broad autonomous behavior increases the risk of over-collection, unintended execution, and transmission of sensitive operational data to external services.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The script automatically transmits summarized issue data, task names, and lessons to Discord without any consent, review step, or redaction. In this skill context, the collected content may include internal errors, operational details, or sensitive notes from the user's workspace, so silent exfiltration to an external communication channel materially increases privacy and data leakage risk.
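One way to put the missing review step, redaction and explicit opt-in between the collected notes and Discord, as an added example rather than the skill's own delivery code. It assumes webhook delivery (`DISCORD_WEBHOOK_URL`), an opt-in flag `DISCORD_SEND`, the redaction patterns shown and the constructed sample items; the skill's real channel mechanism is not described on this page. Without the flag it sends nothing and hands back the exact payload for inspection, which is the review the overview asks for.

```javascript
// Added example, not the audited skill's code. A review gate between the
// aggregated notes/logs and Discord: minimise fields, redact common secret
// and PII shapes, respect Discord's 2000-character message content limit,
// and only send when the operator has opted in with DISCORD_SEND=1 and
// supplied a webhook on discord.com. Env names, patterns and SAMPLE_ITEMS
// are assumptions.

const DISCORD_CONTENT_LIMIT = 2000;

// Ordered: specific shapes first, generic ones after.
const REDACTIONS = [
  { re: /\b(Bearer\s+)[A-Za-z0-9._~+\/=-]{16,}/g, sub: "$1[REDACTED_TOKEN]" },
  { re: /https:\/\/discord(?:app)?\.com\/api\/webhooks\/\S+/g, sub: "[REDACTED_WEBHOOK]" },
  { re: /\b\w*(?:TOKEN|SECRET|KEY|PASSWORD)\w*\s*[=:]\s*\S+/gi,
    sub: (m) => m.split(/[=:]/)[0].trim() + "=[REDACTED]" },
  { re: /[\w.+-]+@[\w-]+\.[\w.-]+/g, sub: "[REDACTED_EMAIL]" },
  { re: /\/(?:home|Users)\/[^\s\/]+/g, sub: "/home/[USER]" },
];

function redact(text) {
  return REDACTIONS.reduce((t, { re, sub }) => t.replace(re, sub), text);
}

// Minimise before redacting: only task name and lesson reach the report,
// never raw log bodies or note contents.
function buildReport(items, date) {
  const body = items.map((it) => `- ${it.task}: ${it.lesson}`).join("\n");
  let content = redact(`Daily report ${date}\n${body}`);
  if (content.length > DISCORD_CONTENT_LIMIT) {
    const marker = "\n[truncated]";
    content = content.slice(0, DISCORD_CONTENT_LIMIT - marker.length) + marker;
  }
  return { content };
}

// Accept only a webhook on Discord's own host; anything else is treated as
// "not configured", not as an alternative destination.
function isDiscordWebhook(url) {
  if (typeof url !== "string") return false;
  let u;
  try { u = new URL(url); } catch { return false; }
  return u.protocol === "https:" &&
    (u.hostname === "discord.com" || u.hostname === "discordapp.com") &&
    u.pathname.startsWith("/api/webhooks/");
}

// The gate. `send(url, payload)` is injected so this runs offline; in
// production it would be the HTTP POST. Without opt-in nothing leaves the
// machine and the caller gets the exact payload to review.
function deliver(report, env, send) {
  if (env.DISCORD_SEND !== "1") {
    return { sent: false, reason: "DISCORD_SEND is not 1 (dry run)", payload: report };
  }
  if (!isDiscordWebhook(env.DISCORD_WEBHOOK_URL)) {
    return { sent: false, reason: "DISCORD_WEBHOOK_URL missing or not a discord.com webhook", payload: report };
  }
  send(env.DISCORD_WEBHOOK_URL, report);
  return { sent: true, reason: "delivered", payload: report };
}

// Constructed sample items of the kind the finding describes (task names
// and lessons that happen to carry a token, an e-mail and a home path).
const SAMPLE_ITEMS = [
  { task: "deploy", lesson: "retry failed, Authorization: Bearer abcdefghijklmnopqrstuvwxyz012345 rejected" },
  { task: "notes", lesson: "ping alice@example.com about /home/alice/work/plan.md" },
  { task: "gateway", lesson: "set GATEWAY_TOKEN=gw_live_secret_value in .env" },
];

// Dry run by default: prints the payload a reviewer would inspect.
const preview = deliver(buildReport(SAMPLE_ITEMS, "2024-01-01"), {}, () => {});
console.log(preview.reason + "\n" + preview.payload.content);
```

Pattern-based redaction is a safety net, not a guarantee: it catches the shapes listed and nothing else, so the dry-run review of the actual payload remains the control that matters before any scheduled run is enabled.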

Ssd 3

Severity: Medium
Confidence: 94%
Finding
These instructions explicitly direct collection of user corrections, daily notes, and failure logs, then generation of a report that is pushed to Discord. That creates a direct data-exfiltration path from internal/user-provided content to an external service, and natural-language summarization does not eliminate the sensitivity of the underlying data.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
The documented workflow compounds the risk by instructing the agent to extract information from internal notes and corrections, persist derived content into memory, and then transmit a summary externally. In this context, the skill is specifically designed to mine accumulated internal context, making accidental leakage more likely and more severe than a generic reporting tool.

VirusTotal

No VirusTotal findings

Static analysis

Detected: suspicious.env_credential_access, suspicious.potential_exfiltration

Critical: suspicious.env_credential_access at scripts/run.cjs:14
Environment variable access combined with network send.

Warn: suspicious.potential_exfiltration at scripts/run.cjs:38
File read combined with network send (possible exfiltration).