Security audit

chat2kb

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a conversation-to-knowledge-base exporter with expected local persistence, but users should invoke it only when they clearly want chat content saved.

Install this only if you want the assistant to save conversation material into a persistent knowledge base. Use explicit requests such as 'export this conversation to a KB,' and avoid invoking it for generic 'save this' requests when the content is sensitive or unrelated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 87%
Finding
The manifest description contains very broad activation phrasing such as 'save', 'export', 'document', and similar multilingual variants, which could cause the skill to be selected for a wide range of ordinary user requests beyond a clearly scoped KB-export intent. Over-broad invocation increases the chance that unrelated or sensitive conversations are transformed and persisted when the user did not specifically intend archival behavior, creating privacy and data-handling risk.

Session Persistence

Medium
Category: Rogue Agent
Content
Before generating a new file, scan the conversation for a previous `conversation_id` for the same topic.

- If no previous export exists, generate a new ID
- If a previous export exists, ask whether to update, append, or create a new KB

Conversation ID format:
Confidence: 84%
Finding
create a new KB

Conversation ID format:

```
kb_{YYYYMMDD}_{HHMMSS}_{6hex}
Example: kb_20260410_143052_a7c9e2
```

Generation:

```bash
CONVERSATION_ID="kb_$(date +%Y%m%d_%H%M%S)_$(openssl rand -hex
```

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.