Session Log

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local session-logging skill, but it intentionally keeps short conversation summaries on disk across resets.

Install only if you want agents to keep local session summaries across resets. Keep the sessions folder in a controlled workspace, avoid recording secrets or sensitive personal data, and define retention and report access rules before enabling it across multiple agents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to create and append to session log files, which is a file-write capability, but it does not declare permissions or constraints around where and what may be written. Undeclared write behavior is dangerous because it weakens reviewability and can enable unintended persistence of sensitive conversation data or writes to incorrect paths when integrated into agent workflows.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill description claims automatic session-start logging, ongoing summary appends, and reset-surviving continuity, but the content only provides manual instructions and a helper invocation. This mismatch is security-relevant because operators may assume reliable, bounded behavior while the actual implementation is partial and includes undisclosed timestamp handling, leading to incorrect trust, logging gaps, and accidental misuse of retained data.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill directs persistent creation of session files and appending conversation summaries without warning that user-provided content may be logged to disk and later read by other processes. In this context, that creates a clear privacy and data-handling vulnerability because sensitive prompts, decisions, or identifiers can be retained and exposed beyond the original session.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs agents to persist topic summaries across resets so they can be used later, creating a durable data retention channel for conversation-derived content. That is dangerous because resets may imply ephemerality to users or operators, while the skill silently preserves information in plain-language logs that can outlive the session and be reused in other contexts.

Ssd 3

Medium
Confidence
98% confidence
Finding
The daily report instructions tell another workflow to enumerate, read, and incorporate all agents' session files, which propagates logged conversation data across agents and reporting processes. This expands the disclosure surface substantially: information shared in one agent context may be exposed to other agents, reports, operators, or automation without granular consent or access control.

VirusTotal

61/61 vendors flagged this skill as clean.
