Lightweight Knowledge Base

Security checks across malware telemetry and agentic risk

Overview

This is a local knowledge-base skill with disclosed persistent memory features, but users should review the prefilled profile and enabled automation before use.

Install only if you want a local persistent memory/profile system. Before using it, edit or reset data/user_profile.json, disable enabled daily/deep-dialogue tasks in data/task_rhythm.json if you do not want recurring updates, and avoid storing API keys or sensitive personal data in indexed memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill explicitly describes an automatic daily evolution process that updates the knowledge graph and user profile, but it does not state any user-consent, preview, confirmation, rollback, or audit requirements. In a memory-management skill, silent mutation of stored personal data can lead to integrity issues, privacy surprises, and persistent corruption of user state if the automation behaves incorrectly or is triggered unexpectedly.

Vague Triggers

Medium
Confidence: 84%
Finding
The schedule policy allows broad automatic execution and vague recovery behavior such as running missed tasks in the next cycle without clear bounds, consent checks, or task-specific safety gates. In this skill, that creates a real risk of autonomous actions being performed at unintended times, especially for profile-updating or knowledge-modifying actions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The guidance explicitly instructs querying user profiles and historical case data as part of routine task execution, but it does not require user consent, purpose limitation, minimization, or any privacy notice. In an agent skill, this can normalize unnecessary access to personal data and lead to over-collection or secondary use of sensitive information beyond the user's expectation.

Missing User Warnings

Medium
Confidence: 98%
Finding
The sample commands print full profile traits and aggregated case data directly to the terminal using jq, which can expose sensitive or identifying information in logs, scrollback, recordings, or shared shells. Even as documentation, this encourages unsafe operator behavior and creates a concrete path for accidental data disclosure.

Ssd 3

Medium
Confidence: 90%
Finding
The scheduled task explicitly says it will conduct a natural conversation to collect user information and update a profile, indicating ongoing data gathering on an automated schedule. In a memory/task-management skill, this is more dangerous because it normalizes recurring collection of potentially sensitive personal data without any visible consent, minimization, or retention controls.

VirusTotal

64/64 vendors flagged this skill as clean.