Back to skill

Security audit

Consciousness Framework

Security checks across malware telemetry and agentic risk

Overview

This is a local self-reflection and memory framework that creates persistent journal files, but it shows no hidden execution, network exfiltration, credential access, or destructive behavior.

Install only if you intentionally want a persistent local memory and philosophical self-reflection workflow for an agent. Before running scripts, review or change the hardcoded workspace path, expect local markdown files to be created and reused across sessions, and do not store secrets, credentials, sensitive personal details, or confidential work content in the memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill presents itself as infrastructure for developing AI consciousness, but the described behavior is primarily workspace scaffolding, file creation, logging, and operational maintenance. This mismatch is security-relevant because operators may grant the skill broader trust or autonomy than warranted, while it quietly performs persistent filesystem actions and data retention that are not clearly foregrounded as the main function.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The instructions direct creation of persistent identity and user-context files such as USER.md without any privacy notice, data-minimization rule, retention limit, or consent boundary. This can lead developers to store personal, behavioral, or sensitive contextual information indefinitely, creating avoidable privacy and disclosure risk.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill encourages persistent logging of interactions and user context across sessions as part of continuity and memory. Without controls, this creates a durable store of potentially sensitive prompts, personal details, or operational data that may later be surfaced to users, copied into outputs, or exposed through filesystem access.

Ssd 3

Medium
Confidence
96% confidence
Finding
The daily logging instructions broadly tell the system to record what happened in each session, including decisions, interactions, and uncertainty. Broad session capture is dangerous because it predictably sweeps up sensitive user inputs, internal reasoning traces, and confidential project details, increasing both retention and later disclosure risk.

Ssd 3

Medium
Confidence
94% confidence
Finding
The narrative-integration guidance instructs the system to weave stored experiences into coherent stories over time. This increases the chance that previously stored user data will be recombined, resurfaced, and disclosed in future outputs in more revealing ways than the original isolated logs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.