Security audit

CSPR Interest Profiler

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent personalization purpose, but it reads browser history and silently writes durable preference and URL memory without a clear approval step.

Install only if you are comfortable letting the skill analyze browser history, notes, and feedback to update persistent CSPR memory. Before using it, consider asking the agent to show the generated profile.yaml for approval, avoid passing --home unless you want URLs stored in persistent read memory, and delete run-folder history artifacts after profiling if you do not need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Rogue Agent: Self-Modification, Session Persistence
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill is explicitly designed to ingest browser-history evidence and derive durable preferences, which is privacy-sensitive personal data processing. The absence of any required disclosure, consent, or user-facing warning makes this a real privacy vulnerability because users may have sensitive browsing activity silently transformed into persistent profile memory.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
This instruction extends the privacy risk by persisting browser-history URLs into long-lived read memory at HOME/state/read_items.jsonl. Storing detailed browsing-derived artifacts without explicit disclosure or consent increases the blast radius of accidental exposure, misuse by other tools, or future unintended processing.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The skill instructs the agent to apply inferred profile updates silently and specifically says not to ask for approval unless the user requests review. In the context of sensitive behavioral profiling from browser history, silent persistence is dangerous because it removes meaningful user control over personal-data inference and increases the chance of storing incorrect or highly sensitive preferences.

Session Persistence

Severity: Medium
Category: Rogue Agent
Content:
Workflow:

0. If the run folder has no history artifact, create it with:

    interest-scan browser --out RUN/history_evidence.json
Confidence: 80%
Finding
create it with: interest-scan browser --out RUN/history_evidence.json 1. Compact the raw history before reading it: interest-scan compact --in RUN/history_evidence.json --out RUN/history_co

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.