Security audit

Agent Chronicle

Security checks across malware telemetry and agentic risk

Overview

This is a coherent diary skill, but it needs Review because it can persist sensitive session-derived memories, quotes, decisions, and relationship notes with broad triggers and limited retention controls.

Review the privacy tradeoff before installing. Use it only if you want local session history turned into persistent diary material. Disable auto-generation, memory integration, quote capture, and relationship tracking unless you explicitly want them, avoid storing secrets or regulated data in session logs, and prefer PDF or local-styled exports over HTML that loads remote CSS.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
System Prompt LeakageDirect Leakage, Indirect Extraction, Tool-Based Exfiltration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (20)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The generated HTML includes a remote CSS URL from a third-party CDN. Opening the exported diary HTML can therefore trigger external network requests that leak that a diary export was opened, along with client IP, timing, and possibly referrer/local path context depending on the browser; it also creates a supply-chain dependency on externally hosted content for rendering.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The README states that diary summaries are automatically added to the main daily memory log and that this behavior is enabled by default, but it does not prominently warn users that session-derived and potentially sensitive reflective content will be written to persistent local files. In an agent skill, silent or default-on persistence of personal, conversational, or operational data increases the risk of unintended retention, disclosure, and later exfiltration through backups, sync tools, exports, or other skills that read the same memory directory.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list includes broad everyday terms like 'journal', 'quotes', and 'curious', which can cause the skill to activate during unrelated conversations. Unintended activation is risky here because the skill is designed to read prior session context and persist reflective summaries, quotes, and relationship notes to storage.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill advertises persistent storage of reflective content, memorable quotes, frustrations, and relationship dynamics, but the privacy warning is not prominent relative to the breadth of collected personal content. Users may not realize that interaction-derived data will be retained locally, resurfaced later, and potentially propagated into summaries or exports.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger list includes generic phrases such as "quotes," "curious," and "decisions," which are common in normal conversation and can cause the skill to activate unintentionally. In a journaling skill, accidental invocation is risky because it may capture or transform unrelated user/agent context into persistent diary content without deliberate user consent.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The package metadata prominently advertises journaling, memory, mood analytics, weekly digests, and resurfacing past entries, but it provides no clear retention, sensitivity, or consent warning. Because this skill is designed around persistent reflective storage, users may expose sensitive operational history, interpersonal content, or private prompts without understanding that such data may be retained and analyzed over time.

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The script writes generated diary content directly into workspace memory files, and elsewhere can append summaries into the main daily log and long-lived diary artifacts, without an explicit consent or warning step at the point of persistence. Because the content is derived from session logs and reflective prompts, it may contain sensitive user data, quotes, decisions, and relationship details that become durable and easier to rediscover later.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The setup flow writes config.json and creates diary-related memory files that are explicitly designed to store reflective content, quotes, decisions, and relationship notes, but it does not present a meaningful privacy warning or require informed consent about persistent storage of potentially sensitive personal data. In an agent diary skill, this increases the chance that users unknowingly retain sensitive behavioral or interpersonal information on disk where it may later be exposed, synced, or reused.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger list includes generic phrases such as "diary," "journal," "quotes," "curious," "decisions," and especially "digest," which are likely to appear in ordinary user conversations unrelated to this skill. In agent systems that auto-route or invoke skills based on trigger matching, these broad triggers can cause accidental activation, unexpected prompt/context injection, or unintended access to the skill's behavior in situations where the user did not explicitly request it.

Ssd 3

Medium

Confidence: 95% confidence
Finding: The skill semantically encourages storing subjective interaction history, including notable interactions, frustrations, and evolving human-agent dynamics, then reusing that content over time. This creates a clear privacy and data-retention risk because sensitive user statements and behavioral patterns may be accumulated beyond the original conversational context.

Ssd 3

Medium

Confidence: 97% confidence
Finding: The 'Quote Hall of Fame' explicitly instructs the agent to collect and persist memorable human statements. Quotes are often personally identifying or context-sensitive, so long-term storage and later reuse can leak private information, especially if entries are exported, shared, or surfaced in later summaries.

Ssd 3

Medium

Confidence: 97% confidence
Finding: The 'Relationship Evolution' feature directs ongoing storage of communication style, inside jokes, recurring themes, and learned user preferences. This amounts to building a persistent profile of the user, which materially increases privacy risk and can expose sensitive behavioral inferences if the memory store is accessed, exported, or reused by other skills.

Ssd 3

Medium

Confidence: 95% confidence
Finding: Memory integration and weekly digests intentionally propagate diary-derived summaries, quotes, and other content into additional files and outputs. This broadens the blast radius of any sensitive information by duplicating it across memory logs, digests, and exports, making accidental disclosure more likely and deletion more difficult.

Ssd 3

Medium

Confidence: 91% confidence
Finding: The generation prompt instructs the model to produce highly personal, detailed diary text from session context and frames it as private, encouraging inclusion of specifics that the user may not expect to be restated or memorialized. In an agent skill that reads workspace memory, this increases the chance of collecting and persisting sensitive operational or interpersonal details into new artifacts.

Ssd 3

Medium

Confidence: 93% confidence
Finding: This prompt explicitly asks for memorable quotes, notable interactions, and relationship evolution with the human, which encourages capture of user-provided content and interpersonal details into generated output. Given that later code extracts and persists these sections into long-lived files, the prompt directly drives potentially sensitive data collection beyond the original session context.

Ssd 3

Medium

Confidence: 95% confidence
Finding: The script programmatically mines generated diary entries for quotes, curiosities, decisions, and relationship notes and appends them into separate long-lived files. This creates durable secondary storage of potentially sensitive or intimate content, expanding retention and discoverability and increasing the privacy impact of any prompt leakage or overcollection earlier in the pipeline.

Ssd 3

Medium

Confidence: 91% confidence
Finding: The setup explicitly encourages persistent collection of user quotes, decisions, and relationship details, which are forms of sensitive personal and behavioral data. Because this is a diary/memory skill, the context makes retention risk more serious: the feature is not incidental, it is the product, so privacy harm from over-collection is a core concern.

Ssd 3

Medium

Confidence: 92% confidence
Finding: The Quote Hall of Fame template instructs the system to persist memorable user statements, which can capture sensitive, identifying, or out-of-context content and preserve it indefinitely in a separate file. In a memory-oriented agent skill, this creates a durable repository of user utterances that can amplify privacy and confidentiality risks if accessed by other tools, synced, or exposed.

Ssd 3

Medium

Confidence: 95% confidence
Finding: The Relationship Evolution template promotes ongoing accumulation of communication style, inside jokes, recurring themes, and learned preferences about the user. This is longitudinal profiling data, and in this skill context it is particularly sensitive because it can reveal behavioral patterns, preferences, and interpersonal dynamics over time.

Ssd 3

Medium

Confidence: 90% confidence
Finding: The memory integration option allows full diary contents to be appended into daily memory logs, increasing duplication and spread of sensitive content beyond the diary itself. This broadens exposure and makes privacy incidents more likely because sensitive reflections may end up in more frequently accessed or differently shared memory files.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.