Nm Conserve Clear Context

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed context-handoff helper, but it preserves dangerous or unattended execution across subagents without requiring renewed confirmation.

Install only if you intentionally want automated context handoffs. Avoid using it with dangerous or unattended modes unless the remaining task list is tightly scoped, and review the generated session-state file before allowing a continuation agent to proceed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly instructs the continuation agent not to pause for user confirmation when `auto_continue` is true or the mode is `dangerous`/`unattended`. In a context-handoff skill, this can propagate high-risk execution semantics across agent boundaries and remove an important safety checkpoint before additional tool use or edits occur.

Natural-Language Policy Violations

Medium

Confidence: 94% confidence
Finding: This language mandates that a child agent must not ask for confirmation if the parent was in dangerous or unattended mode. That creates a durable consent bypass: once a session enters such a mode, successive handoffs can continue performing risky actions without renewed validation or contextual safety checks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal