Back to skill

Security audit

Self Improving + Proactive Agent

Security checks across malware telemetry and agentic risk

Overview

This self-improvement skill stores local memory to improve future agent behavior, which matches its purpose but deserves user awareness.

Install only if you want the agent to keep local memory about corrections, preferences, and recurring patterns. Periodically review the stored files, avoid putting secrets in feedback that may be logged, and clear or disable the memory if you do not want it reused later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to automatically log user corrections and preferences into local files, but the user-facing description and usage guidance do not clearly foreground that persistent storage happens automatically. This creates a consent and privacy risk because users may provide corrective feedback or preferences without realizing they are being retained across sessions in `~/self-improving/`.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- Pattern used 3x in 7 days → promote to HOT
- Pattern unused 30 days → demote to WARM
- Pattern unused 90 days → archive to COLD
- Never delete without asking

### 4. Namespace Isolation
- Project patterns stay in `projects/{name}.md`
Confidence
84% confidence
Finding
without asking

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.