Session State Tracker

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent and local, but users should understand that its automatic discovery can copy recent session snippets into a persistent workspace state file.

Install this only if you are comfortable with automatic lifecycle hooks. If session indexing is enabled, the skill may search recent transcripts and persist a short snippet into SESSION_STATE.md; avoid using discovery in workspaces where prior sessions may contain secrets or personal data, or disable the hooks/discovery behavior if you want manual-only state updates.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 91% confidence
Finding: The module's stated purpose is session state persistence, but `discoverFromSessions` also mines prior session transcripts and derives new state from them. That expands the data access scope beyond straightforward state management and can surprise users by reusing historical conversation content, which is a privacy and transparency issue even if not overtly malicious.

Intent-Code Divergence

Medium

Confidence: 93% confidence
Finding: The security manifest states only `SESSION_STATE.md` is read locally and says no external endpoints are called, but the code also accesses indexed session transcript data through injected `memorySearch`. Even if that tool is local/internal, the manifest materially understates what data sources are consumed, reducing informed consent and making downstream security review less reliable.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: `discoverFromSessions` writes synthesized state to disk automatically with `validate: false` and without an explicit user-facing warning or approval at the write point. This can persist inferred or sensitive information from prior sessions into a durable file unexpectedly, increasing privacy risk and the chance of unwanted propagation across restarts and tooling.

Ssd 3

Medium

Confidence: 96% confidence
Finding: The code copies transcript-derived snippet text directly into persistent `body` content and `writeState` can emit file contents during dry runs, creating a straightforward path for user-provided session details to be stored or exposed in logs. Because transcript snippets may contain secrets, personal data, or sensitive project details, this natural-language copying materially increases data leakage risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal