Back to skill

Security audit

Context Recovery

Security checks across malware telemetry and agentic risk

Overview

This skill intentionally reads recent conversation and session history to restore lost context, and the artifacts disclose and bound that behavior.

Install this only where it is acceptable for the agent to inspect recent channel and session history when context appears missing. Avoid enabling it in highly sensitive channels unless permissions are tightly scoped, and decline optional memory or disk persistence unless you have reviewed what will be saved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
96% confidence
Finding
The manual triggers are broad enough to match ordinary conversational phrases like "continue" or vague references such as "the project," which can cause the skill to activate without clear user intent. Because activation leads to reading channel and possibly session history, unintended triggering can expose prior conversation context that the user did not explicitly request in the current turn.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The automatic trigger based on implied continuation is underspecified and encourages proactive context recovery when context is merely "unclear." That ambiguity is risky because it can cause history retrieval in situations where the user intended a fresh conversation, resulting in unnecessary access to prior messages and session data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill advertises automatic context recovery but does not prominently disclose that it may proactively read up to 100 channel messages and session history, including tool traces. This creates a transparency and consent problem: users may invoke or trigger the skill without understanding that historical conversation data will be accessed and synthesized.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.