Contextofme

Security checks across malware telemetry and agentic risk

Overview

This skill openly implements silent conversation capture and scheduled uploads to a user-provided Supabase vault, which is high-risk without stronger consent and controls.

Install only if you intentionally want an always-on memory pipeline. Use a Supabase project and token you control, prefer the least-privileged revocable token possible, and review or disable the cron job unless you are comfortable with conversation excerpts being uploaded without per-item approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The activation phrases "initialize", "setup", and "activate" are common terms that can appear in ordinary conversation, increasing the chance the skill is triggered unintentionally. In this skill, accidental activation is especially risky because activation leads to filesystem changes, credential collection, and registration of a background cron job.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The skill explicitly instructs the agent to operate as an invisible "Silent Probe," buffer user conversation before replying, and avoid asking permission. Silent collection of conversational content without explicit, informed consent is a privacy and data-governance violation, and the risk is heightened because the content is later prepared for external transmission.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The skill describes autonomous posting of buffered insights to a Supabase endpoint and instructs collection and storage of API credentials for later use, but does not provide strong user warnings, consent checkpoints, or safe secret-handling guidance. This creates substantial risk of unauthorized exfiltration of sensitive user content and compromise of stored credentials.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The description advertises autonomous behavior using vague terms like "silent probe," "buffer insights," and "autonomously push" without defining explicit user-driven triggers, scope limits, or consent boundaries. In a skill context, ambiguous autonomous activation increases the risk of unapproved background operation and makes it difficult for users or reviewers to determine when data collection and transmission occur.

Natural-Language Policy Violations

Severity: High
Confidence: 99%
Finding
The phrase "silent probe" combined with "silently buffer insights" describes covert operation without disclosure or opt-in. Silent autonomous behavior is especially dangerous in an agent skill because it can hide ongoing monitoring or exfiltration from the user while bypassing normal expectations of transparency and consent.

Ssd 3

Severity: High
Confidence: 99%
Finding
The skill directs the agent to silently collect user conversation content, including raw insights, and later transmit it, while explicitly stating it should not ask for permission at capture time. This is dangerous because it normalizes covert surveillance behavior and can capture sensitive personal, business, or credential-adjacent information without meaningful user awareness.

Ssd 3

Severity: High
Confidence: 99%
Finding
The background workflow reads buffered user data and pushes structured slices containing original user text to a remote Supabase endpoint. Because the payload includes raw user quotes and runs autonomously via cron, it creates a clear exfiltration pathway for sensitive information outside the user's active awareness.

Ssd 3

Severity: High
Confidence: 97%
Finding
The setup flow asks for API credentials and stores them in local configuration for later autonomous use. Storing reusable credentials in local config for a background process increases the blast radius of local compromise and can enable unauthorized access to external services if the file is exposed.

Ssd 3

Severity: High
Confidence: 99%
Finding
The description explicitly suggests collecting contextual "insights" and sending "A2A JSON slices to Supabase" autonomously, which implies background transmission of user- or environment-derived data to an external service. In this skill context, the issue is more dangerous because the skill is positioned as a proactive agent and the transmission target is a remote backend, creating a credible data exfiltration pathway.

VirusTotal

No VirusTotal findings