Cybernetic Evolver

Security checks across malware telemetry and agentic risk

Overview

This is not clearly malicious, but it should be reviewed because it can persist optimization history and steer agent routing without strong built-in limits.

Install only if you intentionally want an optimizer that can influence agent behavior. Keep it advisory unless your host adds approval gates for real-world or cross-agent actions, restrict save/load to a dedicated directory, and avoid feeding it secrets, private user data, or account-impacting signals without a retention and deletion policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises itself as a self-evolution framework but documents file read/write capabilities through save(), load(), and workspace state/log files without declaring permissions. Undeclared persistence increases the chance that a host agent or user will invoke storage operations without realizing local files are being created, read, or modified.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior materially exceeds the manifest description by adding persistent local state, external optimization hooks, arbitrary action transformation, and orchestration/reporting capabilities. That mismatch is dangerous because integrators may trust the narrow 'self-evolution' description while actually embedding a general decision-and-routing engine with filesystem side effects.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The system-level routing and delegation guidance expands the skill from internal optimization into cross-agent orchestration, affecting how tasks are dispatched across a larger system. In context, this makes the skill more dangerous because it can influence external agent behavior and decision paths beyond its stated self-evolution purpose.

Description-Behavior Mismatch

Low
Confidence
84% confidence
Finding
Persistent file-based state and optimization history are introduced without being disclosed in the manifest description. Even if limited to workspace files, hidden persistence can create privacy, retention, and integrity issues because optimization history may silently accumulate and affect future behavior.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases include broad concepts like 'adaptive AI' and 'self-improving,' which are likely to appear in ordinary discussion and can cause unintended activation. For a skill that can influence optimization, persistence, and agent behavior, accidental triggering meaningfully increases exposure and misuse risk.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The open-ended natural-language trigger wording using 'etc.' makes activation boundaries unclear and hard to audit. Ambiguous invocation is dangerous in a control-oriented skill because users and integrators cannot reliably predict when the framework will engage or modify behavior.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs saving state and performance logs to workspace files but does not warn that optimization history and related data will persist. This is dangerous because users may unknowingly retain behavioral telemetry that can reveal usage patterns, quality metrics, or sensitive operational context over time.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The integration guidance records user-related metrics such as satisfaction and task-completion quality into performance history without any data-handling notice or minimization guidance. In context, this is more sensitive because the skill is intended for system-level optimization, so it can accumulate user-linked behavioral data that influences future decisions.

VirusTotal

64/64 vendors flagged this skill as clean.