Nm Conserve Context Map

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed project-scanning helper that builds a local context map, with manageable risks around broad activation and generated files.

Install only if you want an agent to scan and summarize your local project. Use it on intended repositories, consider --no-wiki if you want to avoid creating .codesight/ files, and be aware that broad trigger words may cause the skill to be selected more often than expected.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger list contains highly generic terms like "context," "scanning," and "exploration," which are likely to match ordinary user requests unrelated to this specific skill. That increases the chance of unintended activation, causing the agent to run repository-wide scanning behavior and expose unnecessary project structure or consume resources when the user did not explicitly ask for it.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill describes wiki/article generation under `.codesight/` but does not clearly warn that running the scanner may modify the repository by creating files. In a security-sensitive or clean-worktree workflow, unexpected writes can pollute the repo, interfere with tooling, or lead users to run a command with side effects they did not knowingly approve.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal