Back to skill

Security audit

Feedback Learning V2

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local feedback-logging skill that can save feedback and command-error details on disk, but I found no hidden network access, credential theft, destructive behavior, or deception.

Install only if you want a persistent local memory of feedback and command failures. Avoid enabling the automatic Bash error hook for secret-heavy work, restrict permissions on the learning directory, review generated genes before relying on them, and periodically delete or archive logs and reports you no longer need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The boot-sequence examples direct automatic logging of user text, execution context, and stderr fragments into persistent storage without any warning about secrets, tokens, personal data, or proprietary content that may appear in those fields. Because tool output and error streams often contain sensitive material, this can silently create a durable local exfiltration sink and expand the blast radius of routine failures.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The PostToolUse hook configuration causes every Bash tool invocation to trigger an error-capture script, but the documentation does not clearly state that command context and failure output may be persisted on disk. In agent environments, Bash frequently handles credentials, file contents, and operational data, so hook-level logging materially increases the risk of collecting sensitive information without user awareness.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script automatically logs both the executed command context and captured stderr from failed commands without any notice, consent, or filtering for sensitive content. In this skill's context, stderr and command strings can easily contain secrets, file paths, tokens, personal data, or other operationally sensitive material, so centralized logging increases the risk of unintended data exposure.

Ssd 3

Medium
Confidence
96% confidence
Finding
The boot instructions normalize automatic persistence of user text, contextual task data, and stderr slices as part of routine agent behavior. This is dangerous because it converts transient interaction and failure data into an append-only history that may include personal data, confidential prompts, internal filenames, secrets, or regulated content.

Ssd 3

Medium
Confidence
95% confidence
Finding
The schema and data model explicitly store trigger text, context, hints, append-only event history, and derived reports, institutionalizing long-lived retention of potentially sensitive conversational and operational data. The surrounding skill context makes this more dangerous because the system is designed for continuous learning, aggregation, and promotion of rules, which increases data volume, persistence, and secondary exposure through reports and derived artifacts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.