Back to skill

Security audit

Session Wrap-Up

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent session wrap-up purpose, but it automatically stages and pushes session-derived files to a Git remote without a review step.

Install only if you are comfortable with the agent creating session summaries and potentially publishing them to the configured Git remote. Use it in a dedicated repository, keep secrets and private files out of scope, verify `.gitignore`, and require a manual review of changed files and the remote destination before any push.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs the agent to run `git push` automatically and says no confirmation prompt is needed. That creates an unreviewed outbound data transmission path, which can publish session-derived notes, memory files, or other modified content to a remote repository without the user's explicit consent or a sensitivity check.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill metadata and description say it will 'wrap up' the session, but do not clearly disclose that it will create and modify persistent files such as `memory/...`, `MEMORY.md`, and `notes/...`. This can cause users to trigger durable writes without understanding that personal or sensitive conversation content will be stored locally and later potentially committed.

Ssd 3

Medium
Confidence
95% confidence
Finding
The instructions direct the agent to write key topics, decisions, commands, problems solved, and lessons learned into persistent memory files without any requirement to filter secrets, credentials, personal data, or sensitive business information. Because the skill is specifically about summarizing an entire session, its context increases risk: it is likely to capture broad and potentially sensitive content accumulated across the conversation.

Ssd 3

High
Confidence
99% confidence
Finding
The plain-language note that `git push` is automatic instructs the agent to transmit accumulated session contents externally after collecting and storing them. In this skill's context, that is especially dangerous because the content being pushed may include sensitive summaries, long-term memory updates, and notes derived from the user's conversation, with no filtering or approval gate.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.