Audit Log Firewall

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local audit workflow for pausing risky commands and logging terminal activity, with privacy caveats but no evidence of hidden or malicious behavior.

Install only if you want a local audit trail of agent terminal activity. Before using it in sensitive environments, define the allowlist, decide who can read .logs/SECURITY.json, and establish redaction, retention, and cleanup practices for logged commands and paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill explicitly states that all terminal activity is logged with sensitive fields including command text, user, and working directory, but it provides no warning, minimization, redaction, retention, or access-control guidance. In an agent environment, commands and paths can contain secrets, personal data, infrastructure details, or proprietary information, so comprehensive logging can itself become a sensitive data exposure point.

VirusTotal

64/64 vendors flagged this skill as clean.
