KJ's Self-Improving Proactive Agent

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill stores local memory and task state to help an agent learn preferences and follow up, and the artifacts disclose that behavior with reasonable boundaries.

Install this only if you want the agent to keep durable local notes about preferences, corrections, task state, and follow-ups. Review the created ~/self-improving/ and ~/proactivity/ files periodically, avoid putting secrets in them, and approve any edits to AGENTS.md, SOUL.md, HEARTBEAT.md, or TOOLS.md only when you want this behavior embedded in a workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The setup directs creation of persistent state under the user's home directory and recommends modifying workspace steering files such as AGENTS.md and TOOLS.md, but it provides no consent, scoping, or safety guidance. This can lead an agent to write outside the current project, alter user or repository state, and create durable behavioral changes that persist across sessions without the user's explicit approval.

VirusTotal

65/65 vendors flagged this skill as clean.
