Back to skill

Security audit

Signal Detector

Security checks across malware telemetry and agentic risk

Overview

This skill openly performs note-taking capture, but it is broad enough to persist sensitive user messages automatically and should be reviewed carefully before installation.

Install only if you deliberately want ambient note capture across your conversations. Before enabling it, define where notes may be written, require review before writes, exclude sensitive topics and secrets, and make sure you have a way to disable the skill and delete captured entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

High
Confidence
97% confidence
Finding
The skill is explicitly designed as 'always-on ambient capture' for inbound user messages, which creates an overly broad activation scope for a background process that inspects and records user content. In this context, broad activation materially increases privacy risk because sensitive content may be captured without clear, per-use consent or narrow triggering conditions.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The phrase 'fires on every substantive message' is ambiguous and leaves too much discretion to the agent, making over-collection likely. In a capture-and-logging skill, ambiguous triggering is dangerous because it causes inconsistent boundaries and broadens surveillance of normal conversation.

Missing User Warnings

High
Confidence
98% confidence
Finding
The description advertises always-on capture but does not provide a clear warning that user message content may be persistently logged or stored. This is dangerous because users may disclose sensitive thoughts, names, or work information without realizing the skill is retaining it beyond the immediate conversation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs drafting notes, updating a knowledge base, and logging ideas to project or career systems without a clear warning that it will modify user data stores. Silent or background data modification is risky because it can create unintended records, spread sensitive information, and reduce user control over persistence.

Ssd 3

High
Confidence
99% confidence
Finding
Always-on capture of 'original thinking' and entity mentions from every inbound message creates a systematic data collection channel for highly personal and potentially sensitive content. The risk is amplified by the skill's purpose: it is not incidental processing for a single task, but routine harvesting and retention of conversational content.

Ssd 3

High
Confidence
98% confidence
Finding
Requiring preservation of the user's exact wording and logging a summary creates a strong likelihood that sensitive details, secrets, health information, or confidential business content will be stored verbatim. Verbatim retention is particularly dangerous because it preserves exploitable details that paraphrasing, minimization, or filtering might otherwise reduce.

Ssd 3

High
Confidence
97% confidence
Finding
The phase instructions direct systematic recording of user ideas, concepts, projects, career ideas, and related entities into notes and knowledge bases. This broad retention pipeline can accumulate detailed behavioral, professional, and intellectual profiles, increasing exposure if the data store is accessed, shared, or misused.

Ssd 3

High
Confidence
99% confidence
Finding
The output format explicitly logs captured ideas with exact phrasing into a daily note, creating a direct plain-text retention channel for sensitive conversational data. Because these logs may be broadly readable within a notes system, this materially increases the chance of unintended disclosure or later misuse.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.