Back to skill

Security audit

Session Sync Detect

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cross-session memory helper that asks before searching or writing, but users should treat its prompts as access to private history.

Install only if you want cross-session recall. Confirm searches only when you intended to use prior sessions or shared memory, and do not approve syncing passwords, API keys, private messages, or other sensitive details into shared memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger signals are extremely broad and include common conversational patterns like references to earlier discussions, names, or requests to 'check' something. Even with a confirmation step, this can cause the skill to prompt for cross-session access too often, nudging users into broader data retrieval and increasing the chance of unnecessary exposure of prior-session information.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The instruction 'better to ask more than miss it' explicitly biases the skill toward over-activation. In a skill that can access shared memory and session history, over-triggering is dangerous because frequent prompts normalize retrieval of data from other sessions and can pressure users into consenting to searches they did not specifically request.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description says the skill will act whenever a user mentions something not present in the current session, which is a broad trigger for automatic cross-session sync prompts. In a skill that can read and write memory files and inspect session history, this can cause unnecessary activation around ordinary conversation, increasing the chance of privacy-invasive prompting or accidental memory operations.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description says the skill detects when a user mentions things not present in the current session and then asks about cross-session synchronization, but it does not define clear consent, scope, or trigger boundaries. In a memory/session skill, ambiguous activation can cause unintended prompting or transfer of context across sessions, creating privacy and data-handling risks.

Ssd 3

Medium
Confidence
88% confidence
Finding
The skill is explicitly designed to retrieve and render prior session or memory content in plain language, including source, time, content, and location. Even though retrieval occurs after confirmation, the design lacks any visible authorization, minimization, redaction, or per-source access control, so a user could be shown sensitive historical data more broadly than necessary once sync is approved.

Ssd 4

Medium
Confidence
80% confidence
Finding
This staged flow detects possible cross-session intent, asks a seemingly benign sync question, and then performs broader searches across memory files and recent sessions. In this skill context, that pattern is risky because the consent step is generic and the subsequent access can span multiple historical data sources without demonstrating least-privilege, identity binding, or sufficiently informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.