Compaction Survival System

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it automatically saves and reuses broad conversation details in local memory files without clear user controls.

Install only if you intentionally want persistent local conversation memory. Use it in a dedicated workspace, avoid sharing secrets or regulated data while it is active, and regularly review or delete SESSION-STATE.md and files under memory/.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (7)

Vague Triggers

High
Confidence: 96%
Finding
The skill is explicitly framed as an always-active behavioral mechanism, causing it to monitor routine conversation continuously rather than only when invoked for a specific memory task. In this context, broad activation materially increases unnecessary collection and persistence of user data, expands attack surface, and makes accidental capture of sensitive content much more likely.

Vague Triggers

High
Confidence: 99%
Finding
The instruction to scan every incoming message and 'WRITE' before responding creates a default surveillance-and-persist behavior for nearly all user interactions. Because the listed triggers include common content like names, preferences, values, URLs, and paths, the condition is so broad that it effectively guarantees frequent storage of potentially sensitive information without meaningful minimization.

Vague Triggers

Medium
Confidence: 90%
Finding
The recovery auto-trigger includes vague conditions such as 'you should know something but don't' and generic user phrases like 'continue,' which can cause unsolicited retrieval of prior logs. Ambiguous triggers are dangerous because they may surface old context, including sensitive data, in situations where recovery was not intended or appropriate.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill directs persistent writing of user-provided details to files but does not provide a clear warning, consent mechanism, or retention disclosure. In a memory/persistence skill, that omission is security-relevant because users may reasonably assume ordinary conversational ephemera will not be copied into durable storage.

Ssd 3

Medium
Confidence: 97%
Finding
The WAL instructions require capturing decisions, preferences, paths, IDs, URLs, and other specifics from user input and preserving them in persistent state. This creates a natural-language data leakage path because secrets, internal file locations, personal data, or operational identifiers can be stored and later resurfaced or exposed to other tools, sessions, or users.

Ssd 3

High
Confidence: 99%
Finding
Appending every human message and response summary after a threshold effectively creates a conversation transcript in persistent storage. That broad logging behavior is especially risky because it is automatic, threshold-based rather than consent-based, and likely to capture sensitive content precisely when long sessions tend to include more operational detail.

Ssd 3

Medium
Confidence: 95%
Finding
The recovery procedure instructs the agent to read prior logs, reconstruct context from raw exchanges, and inject that context back into the current session. This increases the chance of re-exposing previously provided sensitive information, including content the user did not intend to be resurfaced later or in a different conversational context.

VirusTotal

66/66 vendors flagged this skill as clean.
