Nm Scribe Session Replay

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it turns selected local Claude session logs into GIF replays, with a privacy risk users should manage before sharing outputs.

Before using this skill, assume the generated GIF may reveal anything visible in the selected Claude session, including prompts, code, file paths, tool summaries, and secrets. Use explicit session paths or narrow turn ranges, keep sensitive layers hidden, inspect the GIF before sharing it, and separately evaluate the required scribe/scry/VHS tooling.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly operates on local Claude session JSONL files and renders their contents into a GIF, but it does not warn that those sessions may contain sensitive prompts, secrets, internal tool output, or other private conversation data. That omission increases the chance a user will replay and share confidential content without realizing the privacy implications.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal