Back to skill

Security audit

Pre-Compact Resume Card

Security checks across malware telemetry and agentic risk

Overview

The skill behaves as advertised, but it locally saves and reloads conversation context that may contain sensitive information.

Install only in workspaces where saving chat transcripts and resume summaries locally is acceptable. Add thinking/session-logs/ and .claude/session-resume-card.md to .gitignore if needed, avoid using it with secrets in prompts, and remove the hooks if you do not want automatic context reloads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly backs up transcripts and automatically injects prior session content, but it does not provide a prominent warning about privacy, retention, or possible inclusion of secrets from prior conversations. This is dangerous because users may unknowingly persist sensitive prompts, credentials, or internal context to disk and reintroduce them into future sessions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script reads the conversation transcript and writes excerpts of the last user and assistant messages into a persistent project file (`.claude/session-resume-card.md`) without consent, redaction, or visibility controls. This can expose sensitive prompts, secrets, or proprietary discussion content to other tools, collaborators, commits, backups, or source-control history.

Ssd 3

Medium
Confidence
90% confidence
Finding
Retaining and reinjecting prior user and assistant content across sessions changes the normal isolation boundary between sessions and can cause sensitive or stale instructions to persist unexpectedly. This can lead to privacy leakage, accidental propagation of confidential material, and unintended influence from old context in a new session.

Ssd 3

Medium
Confidence
94% confidence
Finding
Backing up transcripts into rolling session logs creates a clear data-retention surface where sensitive conversation history may accumulate on disk over time. Even with a limit of 30 files, the retained logs may expose credentials, proprietary code, or personal data to other local users, backups, or later compromise.

Ssd 3

Medium
Confidence
96% confidence
Finding
The script copies full conversation transcripts into a project-local backup directory, increasing the lifetime and surface area of potentially sensitive data. In a project workspace, these files may be accidentally committed, read by other local tools, or accessed by collaborators who should not see chat history.

Ssd 3

Medium
Confidence
97% confidence
Finding
The resume-card logic extracts and persists plain-language snippets from the latest user and assistant messages. Even truncated to 200 characters, this can leak secrets, credentials, internal URLs, customer data, or sensitive strategic context into a markdown file that is easier to notice, index, sync, or commit than the original transcript.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.