Team Hourly Retrospective (团队每小时复盘)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent team-retrospective skill, but it asks agents to persist and share task memory broadly without clear privacy or control boundaries.

Install only if you want a team-wide persistent retrospective and memory-management workflow. Before using it, define which folders and agents it may read or write, exclude secrets and personal data from MEMORY.md/shared_memory, require human review before generated skill files become active, and make any cron, auto-restart, A2A forwarding, Feishu reminders, or API-log access opt-in and reversible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The document explicitly proposes persistent storage of conversation history and task state across sessions, including Redis/SQLite storage, automatic backups, and recovery, but it provides no data-classification, minimization, encryption, access-control, or retention-safety guidance. In an agent skill context, conversation and task data often contain secrets, personal data, tokens, or proprietary information, so persisting them by default materially increases the risk of unintended retention, disclosure, and compliance violations.

VirusTotal

66/66 vendors flagged this skill as clean.
