
Security audit

Auto Context Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a local keyword-based project context helper with some ambiguity risks, but no evidence of hidden access, exfiltration, destructive behavior, or unrelated authority.

Before installing, review and edit ~/.auto-context/projects.json after first use, replace generic keywords like hello/help/status with project-specific terms, and treat low-confidence detections as suggestions rather than automatic authority to switch context or load unrelated memory. Consider removing or pinning chromadb if you do not need vector matching.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence
81% confidence
Finding
The README advertises automatic project detection and seamless context switching without defining clear activation boundaries, confirmation steps, or safeguards against incidental triggering. In an agent skill, overly broad automatic context changes can cause the system to apply the wrong project state to ordinary conversation, which can misroute actions, expose unrelated local context, or produce unsafe behavior based on mistaken assumptions.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The example configuration uses extremely common words like 'hello', 'help', 'status', and 'general' as project keywords, which makes accidental activation highly likely. In a context-management skill, broad triggers increase the chance that unrelated messages are classified into a project context, potentially causing leakage of project-specific state or incorrect automated behavior.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation guidance is broad enough to trigger automatically at session start or whenever context is merely 'unclear,' which can cause the agent to invoke project-detection logic without clear user intent. In a context-management skill, unintended invocation can misclassify the user's project, bias later tool selection or memory access, and create cross-project context leakage risks.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The instruction to trigger on 'project keywords' is underspecified, so common or ambiguous words may cause the skill to infer the wrong project and prioritize unrelated skills or memory. Because this skill is specifically designed to steer context selection, vague keyword matching increases the chance of accidental context switching and exposure of incorrect project-specific data.

Unpinned Dependencies

Low
Category
Supply Chain
Content
chromadb>=0.4.0
Confidence
93% confidence
Finding
chromadb>=0.4.0

VirusTotal

65/65 vendors flagged this skill as clean.
