Back to skill

Security audit

Context Cleaner

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned but gives an agent broad automatic authority to compress, archive, delete, and terminate session-related state without enough user control.

Review before installing. Use this only if you want an agent to manage session history and sub-agents, and configure it to run in dry-run or archive-only mode by default. Require explicit approval before deletion, context replacement, or sub-agent termination, and keep cleanup logs plus a recovery path for archived sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The skill states that no special setup or permissions are required while simultaneously describing automatic termination of sub-agents, archiving sessions, and context compression with potential data loss or workflow interruption. This mismatch can cause operators or users to underestimate the side effects and authorize execution in contexts where destructive actions are not expected.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The document's best practices say to archive instead of delete and notify before major cleanup, but the rest of the skill describes automatic cleanup and allows deletion paths. Conflicting guidance is dangerous because an agent may follow the more permissive automation path and remove or alter data without user awareness.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The manual triggers are generic phrases like 'Clean up context now' and 'Remove expired sessions,' which can plausibly appear in ordinary discussion rather than as a deliberate command. In an agent skill that archives sessions, compresses context, and terminates sub-agents, ambiguous activation can lead to unintended destructive actions from conversational text alone.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill permits archiving or deleting old sessions based on age or completion criteria without a clear up-front warning about data retention and recovery consequences. Because the skill manages historical session data automatically, users may lose access to needed context or have important work removed without realizing the impact.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.