Security audit

knowledge-distiller

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local knowledge-archiving skill, with the main caution that it saves and later reuses reflective notes.

Install this only if you want a persistent local knowledge archive. Avoid using it for highly sensitive personal, business, legal, or medical reflections unless you are comfortable with those notes being saved in domain Markdown files and surfaced in later sessions; review, redact, or delete those files when needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The README states that the skill will automatically create and update persistent domain archive files across conversations, which implies cross-session storage of user-provided thoughts and knowledge. For a skill focused on eliciting tacit knowledge through active questioning, this materially increases privacy and data-retention risk because users may disclose sensitive personal, professional, or proprietary information without clear consent, retention limits, or access controls.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger list includes very broad conversational phrases such as 'interview me', 'clarify my thoughts', 'what did we discuss', and 'resume session', which can match ordinary user requests unrelated to this skill. That creates unintended activation risk, especially because the skill then performs archive lookup and persistence behaviors that affect user data handling.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instructions explicitly tell the agent to generate notes, update domain archives, move unresolved items into solved archives, and maintain per-domain files, but they do not require clear user notice or consent before storing reflective personal content. Because the skill is designed to elicit tacit knowledge, blind spots, and sensitive work/life reflections, silent persistence materially increases privacy and retention risk.

Ssd 3

Medium
Confidence: 97%
Finding
The skill directs the agent to retain conversation-derived details across sessions and later surface unresolved issues, blind spots, and archives on request. This creates a cross-session disclosure channel for sensitive personal or professional information, and the danger is heightened because the content being extracted is intentionally deep, introspective, and potentially confidential.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.