Back to skill

Security audit

Sessmgr

Security checks across malware telemetry and agentic risk

Overview

This appears to be a session-management skill, but its broad plain-English triggers could accidentally create, switch, or restore persistent work sessions.

Review before installing if you rely on strict workspace separation. Prefer explicit slash commands for create, save, delete, rename, and switch actions, and avoid letting the agent treat casual mentions of session names as commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README advertises natural-language invocations like "name this session auth-redesign" without defining activation boundaries, confirmation requirements, or a constrained command grammar. In an agent environment, broad plain-English triggers can cause unintended execution when the user is merely discussing sessions rather than intentionally invoking the skill, leading to accidental renaming, switching, saving, or deletion of session mappings.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The switching example "switch to auth-redesign" is especially risky because it is short, conversational, and plausibly appears in ordinary dialogue. If interpreted as an actionable trigger without explicit activation constraints, the skill could reload a different session unexpectedly, causing context confusion, misattribution of work, or accidental operations in the wrong session.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Claiming the skill works with both slash commands and plain English, while not specifying the trigger scope, increases the chance of overbroad intent matching by the agent. Because this skill performs state-changing session-management actions, ambiguous trigger handling is more dangerous than in a read-only skill: accidental deletes, renames, or switches can disrupt workflow and cause the operator to act under the wrong context.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill advertises very broad natural-language triggers such as 'switch to auth-redesign' and 'load project-alpha', which are ordinary conversational phrases that could appear in normal discussion rather than as explicit command invocations. In an agent environment that auto-routes natural language to skills, this can cause unintended session switching or other state-changing actions, creating a prompt/intent confusion issue rather than a memory-safety flaw.

Session Persistence

Medium
Category
Rogue Agent
Content
/sessmgr new project-alpha
```

**Natural language:** *"start a new session called project-alpha"* / *"create a new session named staging"*

**Output on success:**
```
Confidence
77% confidence
Finding
create a new session named staging"* **Output on success:** ``` NEW_SESSION:project-alpha ``` **If the name already exists:** ``` Error: a session named 'project-alpha' already exists. Use /sessmgr

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.