Security audit

Sharpagent Self Evolving

Security checks across malware telemetry and agentic risk

Overview

This skill is a self-improvement workflow, but it can automatically persist lessons and alter future agent behavior without clear user controls.

Install only if you intentionally want a persistent self-improvement loop. Before using it, set rules for how sensitive tasks are handled, where learning records live, how long they are retained, and how to review and delete them, and require explicit approval before any template, monitor, lifecycle, or other configuration update.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Scope Creep

Medium, 96% confidence
Finding: The declared contract says the skill only writes LearningEntry and ImprovementHypothesis, but later behavior includes updating templates and configuration. This mismatch breaks least-privilege expectations and can cause downstream systems or users to authorize the skill under false assumptions, enabling broader persistent changes than advertised.

Description-Behavior Mismatch

Medium, 93% confidence
Finding: The skill is presented as a reflection and learning-record workflow, but it also directs modification of unrelated system artifacts such as local templates and operational configuration. That creates a hidden expansion from analysis into persistent system mutation, which can be abused to alter future agent behavior or trust decisions across tasks.

Context-Inappropriate Capability

Medium, 94% confidence
Finding: Writing under ~/.agent-templates/ gives the skill a persistence mechanism that affects future agent runs beyond the immediate task. For a self-reflection workflow, this is broader than necessary and can be used to plant biased, unsafe, or attacker-influenced templates that silently shape later outputs.

Vague Triggers

Medium, 87% confidence
Finding: The phrase 'After every task' makes activation effectively global, causing the skill to run in contexts far beyond a narrowly defined learning workflow. Combined with archival and propagation behavior, this increases the chance of unintended persistence, privilege overreach, and processing of sensitive tasks without clear operator intent.

Vague Triggers

Medium, 88% confidence
Finding: Triggers like 'Every task completion,' 'Major errors mid-task,' and 'Daily summary' are ambiguous and broad, making the skill difficult to contain operationally. In practice this can lead to unexpected execution frequency and repeated writes or config updates, especially in automated environments.

Missing User Warnings

Medium, 92% confidence
Finding: The skill instructs automatic archival and propagation that may modify persistent files or configuration, but it does not clearly warn users about these side effects. Hidden persistence is dangerous because users may invoke what appears to be a benign learning aid while unknowingly authorizing system-affecting changes.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.