Back to skill

Security audit

Context Booster

Security checks across malware telemetry and agentic risk

Overview

This context-memory skill appears purpose-aligned, but it stores and reuses broad conversation and environment context across sessions without clear consent, limits, or deletion controls.

Install only if you want durable cross-session memory. Treat stored context as potentially sensitive: avoid secrets, check where memory is written, look for commands to inspect or delete it, and prefer using it in a scoped workspace rather than across broad personal or project data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The FAQ states that key conversation context is automatically saved at the end of each session and can be restored in a new session, but it does not clearly warn users at the point of description that persisted data may include sensitive or personal information. In a context-retention skill, automatic cross-session storage materially increases privacy risk because users may assume the conversation is ephemeral while the system preserves data locally for later retrieval.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The README explicitly states that context enhancement can pull from historical conversations, long-term memory, external knowledge bases, and related files, but it does not describe any consent model, access boundaries, redaction rules, or privacy safeguards. In a context-management skill, this omission is security-relevant because it normalizes broad data aggregation and retrieval that could expose sensitive user data, prior chats, or local/project information beyond user expectations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly advertises capturing, compressing, retrieving, injecting, and persistently storing conversation context across sessions, but only much later gives a brief note that sensitive information needs special handling. That is insufficient for a design centered on collecting broad user/session data, because it can normalize retention of secrets, personal data, and system state without consent, minimization, retention limits, or access controls.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code example shows capture of both userInput and ecosystemState(), which could contain credentials, personal data, tokens, file contents, or other sensitive runtime information. Presenting this as a normal usage pattern without prominent safeguards encourages over-collection and unsafe persistence of high-value data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The version history explicitly advertises context capture and cross-session persistence, which implies retention of potentially sensitive user or session data, but it does not include any warning, consent model, retention limit, or privacy safeguards. In a context-enhancement skill, this omission is security-relevant because operators may enable persistent memory without understanding the privacy and data-handling consequences.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.