Security audit

Session-logs

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: search the agent's own local session logs, with no evidence of exfiltration, persistence, or unrelated system access.

Install only if you are comfortable letting the agent search older local session logs. Ask it to limit searches by date, topic, or session when possible, and avoid surfacing unrelated sensitive content from prior conversations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly instructs the agent to search complete historical session logs, including older and parent conversations, but does not include any user-facing privacy warning, consent check, or minimization guidance. This creates a real privacy risk because a user may ask an innocuous question without realizing the agent is authorized to inspect broad prior conversation history that may contain sensitive data from unrelated contexts.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.