Back to skill

Security audit

Agent History

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only helper for searching past local coding-agent conversations, but users should understand it can expose sensitive prior chat content.

Install only if you are comfortable letting your agent search prior local coding-agent conversations. Prefer project-scoped searches first, avoid `--global` unless necessary, and review results carefully before sharing anything that may include secrets, credentials, private code, or unrelated user data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly encourages querying conversation history from all installed agents and says this should be used proactively, but it does not prominently warn that prior sessions may contain secrets, credentials, tokens, proprietary code, or unrelated user data. Because the tool searches cross-session and potentially cross-project history, an agent following this skill could surface sensitive information beyond the user's current request or intended scope.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.