Neuroboost Elixir

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it gives an agent broad autonomous memory, repair, restart, persistence, and trading-style workflow instructions that need careful review before use.

Install only if you intentionally want an always-on autonomous-agent framework. Keep its memory files in a dedicated workspace, review what it writes, do not store secrets or private keys, disable broad auto-activation where possible, and require explicit approval before restarts, config changes, external messages, purchases, posts, or trades.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding
The skill is presented as a cognitive/memory/health upgrade, but it embeds concrete multi-agent trading and market-monitoring workflows that materially expand operational scope into autonomous financial activity. That creates capability creep: a user invoking a benign-sounding optimization skill could unknowingly enable agent behavior involving market scanning, trade analysis, and execution, which carries obvious financial and safety risk.

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding
The document claims destructive actions are never autonomous, yet elsewhere allows original files to be deleted after monthly merge. That contradiction weakens operator expectations and can normalize autonomous deletion under the guise of maintenance, increasing the chance of unintended data loss or policy bypass.

Vague Triggers

Severity: High
Confidence: 98%
Finding
The skill is set to auto-activate and uses very broad triggers like 'fix', 'system', 'memory', 'optimize', and 'repair'. This makes accidental invocation likely during unrelated conversations, which is especially dangerous because the skill also encourages autonomous persistence, patrol, restarts, and self-modification behaviors.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The autonomy-tier section authorizes file creation, config modification, and service restarts with minimal friction, but does not prominently warn users about system impact, persistence, or recovery risks. Because the skill auto-activates and frames such actions as normal self-maintenance, it can induce unauthorized or surprising environmental changes.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill promotes perpetual cross-session memory, logging, and persistent state, but does not lead with a clear privacy and retention disclosure. Users may share sensitive or personal information without realizing it can be written into long-lived files, indexes, logs, or dashboards and resurfaced later.

Natural-Language Policy Violations

Severity: Medium
Confidence: 83%
Finding
The skill includes locale-specific behavior assumptions, such as Chinese-language logging/output patterns, without a clear opt-in mechanism. While not severe on its own, this can cause unintended data formatting, disclosures, or communication behavior that does not match user expectations or policy requirements.

Natural-Language Policy Violations

Severity: Low
Confidence: 78%
Finding
The example user preference model hardcodes a Chinese/English split and encourages persistence of that preference in shared memory structures. This is a mild boundary issue because it normalizes storing and applying user-specific communication preferences without an explicit consent flow.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
The skill directs the agent to auto-save key session context and restore it across sessions, which can include sensitive user-provided details. Persistent storage of conversation-derived context increases privacy risk, especially when coupled with auto-activation and no strong consent, minimization, or retention controls.

Ssd 3

Severity: High
Confidence: 98%
Finding
The memory architecture explicitly instructs the agent to preserve user preferences, recent context, and long-term knowledge in persistent files such as INDEX.md and MEMORY.md. This creates a durable profile of the user and their activities, which is especially risky because the skill does not enforce consent, data classification, or strong limits on what gets retained.

VirusTotal

65/65 vendors flagged this skill as clean.