Security audit

Skill Error Recovery

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent error-recovery helper, but users should be careful because it may persist full error details that can contain secrets.

Before installing, decide whether local error journals are acceptable in your projects. Configure the agent to redact tokens, credentials, headers, private paths, and sensitive API responses before writing `memory/errors/`, and require explicit user approval for authentication recovery, dependency installation, permission changes, or documentation updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The example contradicts the surrounding policy by saying human action is needed while also stating the agent will try token authentication. That inconsistency can normalize autonomous credential handling after an auth failure, which is risky because authentication recovery often requires explicit user consent and secure secret management.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README explicitly promotes persistent logging of errors to `memory/errors/` but does not mention redaction, access controls, retention limits, or avoidance of secrets in stack traces and command output. Error records commonly contain tokens, file paths, API responses, credentials, and user data, so persistent storage can turn routine failures into a durable sensitive-data exposure.

Vague Triggers

Medium
Confidence: 90%
Finding
The metadata says the skill triggers on generic words like 'error', 'failed', 'crash', 'something went wrong', and 'retry', which are common in normal conversation and many unrelated workflows. Overbroad activation increases the chance the skill runs unexpectedly and influences agent behavior in contexts where its recovery logic was not intended.

Vague Triggers

Medium
Confidence: 91%
Finding
The standalone trigger list repeats vague, high-frequency phrases, including multilingual variants, without requiring a real failure signal or explicit invocation. This can cause accidental activation and unintended control over agent responses, especially in chats discussing errors hypothetically rather than experiencing them.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.