
Security audit

Resume Context

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent purpose, but it can read sensitive developer-session data, send it through the configured resume LLM workflow, and cache raw results in Redis with broad activation rules.

Install only if you are comfortable letting this skill access resume session notes for your projects, use your configured LLM provider, and cache raw briefing output in Redis. Use a private authenticated Redis database, keep the cache TTL short or disable caching if possible, avoid capturing secrets in resume sessions, and give explicit project names or paths before invoking it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 84%
Finding:
The trigger guidance uses broad terms like "session" and "status," which can cause the skill to activate for loosely related requests. In this skill, accidental activation is more dangerous because it may search project directories, retrieve developer notes, and send project context through the resume tool and an external LLM pipeline.

Missing User Warnings

High
Confidence: 97%
Finding:
The skill description does not clearly warn users that project data may be transmitted to an external LLM service and cached in Redis. Because the content includes coding sessions, project notes, and potentially sensitive development context, users may unintentionally expose proprietary or confidential information without informed consent.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The script stores raw `resume` CLI output in Redis, and that output is explicitly described as session data, project briefings, developer notes, and cached notes that may contain sensitive internal information. Because this caching happens automatically and without any indication of sensitivity controls, encryption, redaction, or user disclosure, it creates a real confidentiality risk if Redis is shared, misconfigured, broadly accessible, or retained longer than expected.

VirusTotal

67/67 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.