Osop Log

Security checks across malware telemetry and agentic risk

Overview

This skill only creates local session log files, with no hidden code, network upload, or credential handling found.

Install this if you want structured local records of completed sessions. Review generated .osop and .osoplog.yaml files for secrets, private project details, command output, or sensitive reasoning before committing, sharing, or uploading them to the linked viewer.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The skill is triggered by the broad phrase 'You just completed a task. Now produce a structured session log,' which can match ordinary post-task agent behavior rather than an explicit user request. This creates a prompt-squatting risk where the skill may activate unexpectedly after many unrelated tasks, causing unintended file creation and automatic logging of activity that may include sensitive workflow details.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal