Back to skill

Security audit

Chain of Consciousness

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed provenance logger, but it broadly encourages persistent logging of learned information and decision reasoning without enough scoping or redaction guidance.

Review before installing. Use this only when you intentionally want persistent local audit logs, review or pin the PyPI dependency, and instruct the agent not to log secrets, personal data, regulated information, raw conversation text, hidden reasoning, or confidential project details. Check chain contents before exporting or sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README states that provenance tracking will occur automatically and supports exporting the trail, but it does not clearly warn that agent decisions, learned information, and generated artifacts may be persistently recorded. In a skill centered on audit trails, this omission can mislead users into enabling logging of sensitive prompts, internal reasoning summaries, or project data without informed consent, increasing privacy and data-governance risk.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The invocation guidance is broad enough to encourage use at the start, during, and completion of ordinary tasks, which can cause pervasive logging of agent activity far beyond narrowly scoped provenance use cases. In this skill, that breadth compounds the separate reasoning-logging behavior and increases the chance of capturing sensitive prompts, deliberation, or user data in routine workflows.

Natural-Language Policy Violations

High
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to maintain an auditable record of what it learned and decided, which directs collection of internal reasoning and decision history. That is dangerous because such logs can expose hidden chain-of-thought, sensitive intermediate analysis, and user-derived confidential information in persistent artifacts that may later be exported or shared.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
The examples and event taxonomy normalize recording reasoning and decision history, including 'record the reasoning' and examples tied to user preferences and choices. Concrete examples make misuse more likely in practice, leading agents to persist sensitive cognitive traces and personal/contextual data into local files and exported provenance bundles.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
The rules section explicitly says to log decisions with reasoning, reinforcing prohibited capture of internal deliberation as a required operating practice. Because it appears as a normative rule, it materially increases the likelihood that downstream agents will systematically disclose hidden reasoning and embed it in tamper-evident audit trails that are hard to retract.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.