goal-agent

Security checks across malware telemetry and agentic risk

Overview

This skill openly creates an autonomous agent loop, but its core generated heartbeat and evaluator templates are missing from the reviewed package, so the most important behavior cannot be checked before activation.

Treat this as an autonomous agent controller, not just a scaffold. Do not activate it in a production or sensitive workspace until the missing templates are supplied and reviewed. If used, run it in an isolated VM or low-risk workspace, keep a backup of the original HEARTBEAT.md, use read-only metric commands, set a low max-iteration count, and avoid goals involving finances, public accounts, credentials, destructive actions, or sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 88%
Finding
The skill is described as a self-learning autonomous optimizer, but the file actually scaffolds artifacts that later replace the agent heartbeat and can drive repeated autonomous actions. This mismatch can cause users to underestimate the operational risk, approve the skill with insufficient scrutiny, and activate a loop that performs broad agent actions constrained only by text instructions rather than enforcement.

Vague Triggers

Low
Confidence: 80%
Finding
The activation guidance instructs users to copy the generated HEARTBEAT.md into the agent's global control path, but gives only broad encouragement and limited exclusion criteria. Because this effectively hands ongoing decision authority to a generated feedback loop, vague activation boundaries increase the chance of unsafe deployment in sensitive environments or with harmful goals/metric commands.

VirusTotal

64/64 vendors flagged this skill as clean.