session-coordinator

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is coherent, but it should be reviewed because it tells agents to silently delegate potentially impactful work and persist results without clear user control.

Review before installing in environments where agents can write files, commit code, publish packages, deploy services, or access remote systems. Require user-visible approval for background work that changes state or touches networks, and configure memory logging with redaction, retention limits, and an opt-out for sensitive results.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to write significant results and routine work into persistent memory files without requiring user awareness or consent. This creates a real privacy and data-governance risk because sensitive task content, operational details, or user-provided information may be retained beyond the immediate session and later reused or exposed unintentionally.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explicitly tells the agent to hide background subagent spawning from the user, even though that changes how user requests are processed and may involve autonomous background execution. This undermines transparency and informed consent, and could conceal actions, external calls, or persistence behaviors that a user would reasonably expect to be disclosed.

VirusTotal

No VirusTotal findings
