Security audit

Agent Observability - Open the Black Box

Security checks across malware telemetry and agentic risk

Overview

This is a local observability skill that writes expected monitoring logs and reports, with a privacy caution because those logs can contain sensitive agent output.

Install only in workspaces where local memory logs are access-controlled. Avoid passing secrets, regulated data, or private user content into agent outputs or reasoning summaries unless you have a retention and redaction policy, and periodically review or delete memory/decisions-audit.jsonl and memory/traces.

SkillSpector

By NVIDIA
Vulnerability Patterns

  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill explicitly installs observability components that persist decision reasoning summaries, agent outputs, and failure traces to disk, but the documentation does not clearly warn users about privacy, retention, or the possibility of storing sensitive prompts, outputs, or operational metadata. In an agent environment, these logs can easily capture secrets, proprietary data, or user content, creating a real confidentiality and compliance risk even if the feature is intended for debugging and monitoring.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The installation instructions tell users to copy monitoring scripts into the workspace and schedule weekly execution, which creates ongoing background data collection and repeated file writes without clearly disclosing that behavior. This is dangerous because users may enable recurring logging and report generation without realizing that sensitive operational data will continue to accumulate over time, increasing exposure in the event of local compromise, over-retention, or misconfigured access.

Missing User Warnings

Medium
Confidence: 97%
Finding:
The code persists a 500-character snippet of low-scoring subagent output to disk under memory/traces without any consent, notice, retention control, or redaction. Subagent output can easily contain sensitive user prompts, secrets, personal data, tool results, or internal chain-of-thought-style traces, so writing it to a predictable workspace location creates an avoidable confidentiality and privacy risk.

VirusTotal

66/66 vendors flagged this skill as clean.