Long Text Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a coherent long-form writing tracker that saves project files locally, with user guidance needed around draft retention and the optional email delivery step.

Install only if you are comfortable with the skill creating local project files containing your drafts and summaries. Use a dedicated project folder, avoid sensitive unpublished material unless needed, review saved summaries before resuming, and do not allow any email delivery unless you explicitly confirm the recipient and exact content to send.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill’s declared purpose is continuity tracking for long-form segmented writing, but the workflow expands into external delivery by sending the completed content via email. That introduces outbound data transmission beyond the user’s likely expectation and beyond the tool/skill scope, increasing privacy and exfiltration risk if sensitive drafts or internal material are processed.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
Claiming email-sending behavior is not justified by a continuity-tracking skill and materially broadens the operational scope from local content management to data export. Scope expansion like this is dangerous because it can normalize sending user-authored or confidential content outside the workspace without a tightly bounded need.

Context-Inappropriate Capability

Low
Confidence: 81%
Finding
The skill explicitly prioritizes shell execution for fallback file reads and character counts, even though these tasks can usually be handled by safer built-in read/write primitives. Allowing exec for routine operations increases the attack surface and creates opportunities for command misuse, path manipulation, or future instruction drift into broader shell actions.

Missing User Warnings

Medium
Confidence: 89%
Finding
The workflow instructs the agent to create project directories and multiple files automatically, but the skill does not present a clear upfront warning that it will write to the workspace. This can surprise users, overwrite expected structures, or persist sensitive content without informed consent.

Missing User Warnings

High
Confidence: 97%
Finding
The skill specifies sending final deliverables by email but provides no privacy notice, no transmission warning, and no consent checkpoint specific to outbound sharing. This is dangerous because users may provide proprietary, personal, or unpublished text that should not leave the local environment without explicit approval.

Ssd 3

Medium
Confidence: 87%
Finding
The skill directs the agent to persist user content, summaries, and progress across multiple files and resumable sessions. For a writing assistant this may be functional, but without retention limits, visibility controls, or deletion guidance it creates a meaningful risk of unnecessary long-term storage and accidental disclosure of drafts or sensitive source material.

Ssd 3

Medium
Confidence: 94%
Finding
Saving user material into /tmp during failures introduces an alternate storage location that is often less controlled, more discoverable, and easier to forget than the main workspace. This can expose sensitive drafts to other processes, leave behind residual data, or cause users to lose track of where their content is stored.

VirusTotal

66/66 vendors flagged this skill as clean.
