Task Experience Logger

Security checks across malware telemetry and agentic risk

Overview

This skill is a plain task-note logging template that can persist work notes to local memory, so users should review what gets saved.

Install only if you want an agent to keep durable local task notes. Before saving logs or updating MEMORY.md, remove secrets, customer data, private paths, credentials, and anything you would not want reused in future sessions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill description is very broad and overlaps with common user intents such as summarizing work, recording notes, or reflecting on a task. That can cause accidental invocation in contexts where the user did not intend persistent logging, increasing the chance of unintended data capture or memory writes.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly states that it supports automatic saving to long-term memory but does not warn that user-provided content, task details, logs, or potentially sensitive data may be persisted. In a logging skill, this context makes the issue more dangerous because users are likely to paste error logs, configuration details, or internal information that should not be stored without informed consent and filtering.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal