Back to skill

Security audit

Snip Compressor

Security checks across malware telemetry and agentic risk

Overview

This skill is a local conversation compressor whose file input and optional output behavior matches its stated purpose, with no evidence of hidden network access, credential use, or destructive actions.

Install only if you are comfortable letting the skill process conversation history. Prefer stdin/stdout for sensitive chats, avoid using --output on conversations containing secrets or personal data unless you control the destination file, and treat broad prompts like "continue" as potentially triggering context summarization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises and demonstrates file read/write behavior by accepting an input conversation file and producing an output file, but it does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: a host may load the skill believing it has no sensitive capabilities, while the implementation can still process local files and write derived data containing potentially sensitive conversation history.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger includes broad phrases like "continue" and "where were we," which are common in normal conversation and can cause the skill to activate unintentionally. In this skill's context, accidental activation is meaningful because the compressor may ingest and summarize prior chat history, potentially exposing or retaining sensitive context when the user did not explicitly request compression.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
When --output is used, the tool writes compressed conversation content directly to disk, including user messages, key decisions, active context, and summarized tool results, without any safeguard, redaction step, or explicit warning. In a conversation compressor, this is materially risky because chat logs often contain secrets, personal data, credentials, or proprietary context that can persist on disk and be exposed through weak file permissions, backups, or later reuse.

Ssd 3

Medium
Confidence
93% confidence
Finding
The compressor intentionally preserves and republishes raw user content, key decisions, active context, and tool results into the output transcript and summary. In this skill's context, that behavior is central to functionality, but it also creates a real data leakage risk because sensitive material from prior turns or tool outputs may be surfaced again in condensed form, increasing the chance of disclosure to downstream consumers, logs, or files.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.