Security audit

星链自迭代智能体

Security checks across malware telemetry and agentic risk

Overview

The skill is open about being an always-on autonomous agent, but it asks for unattended command execution, auto-installation, scheduling, and long-term memory with too little user control.

Install only if you intentionally want a high-control automation agent. Do not grant it shell execution, automatic installs, scheduled triggers, bridge access, or long-term memory unless you can sandbox it, inspect logs, restrict sources, approve high-risk actions, and disable or delete its retained state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence: 95%
Finding
The trigger conditions are extremely broad: long-cycle tasks, hourly checks, daily reviews, skill-missing events, and cross-agent coordination can all activate the skill. In the context of a silent, unattended, self-modifying agent with command execution and auto-install capability, ambiguous invocation materially increases the chance of unintended autonomous actions, privilege misuse, and surprise background execution.

Missing User Warnings

High
Confidence: 98%
Finding
The skill explicitly permits silent unattended execution, automatic installation through exec-plus, and long-term memory persistence without prominent warning or consent boundaries. In this context, those capabilities enable uncontrolled code/tool changes, persistent data retention, and autonomous system actions with limited human oversight, creating a high-risk pathway for system compromise, privacy violations, and lasting harmful state changes.

Missing User Warnings

Medium
Confidence: 90%
Finding
The description advertises daily scheduled execution and hourly monitoring without clearly warning users that the skill may continue operating in the background and cause side effects after the initial interaction. Given the skill's autonomous execution model, this increases the risk of unnoticed actions, resource consumption, repeated failures, or data handling beyond user expectations.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.