Context Gatekeeper

Security checks across malware telemetry and agentic risk

Overview

This is a local conversation-summary helper, but users should be careful because it stores chat history and summaries on disk.

Install only if you are comfortable with selected chat history being stored in the skill's local context files. Keep history short, remove secrets and regulated personal data before logging, inspect current-summary.md before reuse, clear the context files when finished, and only run the background monitor when continuous updates are needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill instructs users to read conversation history from disk, write summaries back to files, and execute a Python script, but it does not declare permissions for file read, file write, or shell execution. That mismatch weakens security review and consent because the operational behavior is more privileged than the manifest communicates.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The README explicitly instructs operators to append every incoming and outgoing message to `context/history.txt` and keep token-audit data with each response, but provides no guidance for excluding secrets, personal data, credentials, or other sensitive content. In a conversation-management skill, this creates a real privacy and data-retention risk because the tool’s normal operation encourages persistent storage of potentially sensitive chat content that may later be summarized, inspected, or leaked from disk or logs.

Vague Triggers

Medium
Confidence: 78%
Finding:
The activation text is broad enough to trigger during many normal summarization or context-management situations, which can cause the skill to run more often than intended. In this skill, over-triggering increases exposure because each run may log and recycle conversation content, including sensitive data, into persistent files and future prompts.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The script persists conversation-derived content, including recent turns and detected pending actions, to a markdown file on disk by default. In a context-management skill, conversation history may contain secrets, personal data, or proprietary information, so silent persistence increases confidentiality risk if the file is later accessed, indexed, synced, or retained longer than expected.

Ssd 3

Medium
Confidence: 96%
Finding:
The skill explicitly tells operators to log every prompt and response, store them on disk, and re-inject recent content into later model calls. That creates a clear data propagation channel for secrets, personal data, tokens, or other sensitive user content to persist longer than necessary and appear in future prompts, summaries, or outputs.

VirusTotal

64/64 vendors flagged this skill as clean.