jing-yan-cui-qu

Security checks across malware telemetry and agentic risk

Overview

This is a coherent personal experience-reflection skill, with the main caution that it saves work-session summaries to persistent local memory.

Install only if you want a persistent local work-reflection log. Avoid recording confidential, regulated, or personal details unless you are comfortable keeping them in /memories, and periodically review or delete stored notes you no longer need.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly says important work-session information is automatically saved to persistent storage under /memories, but it does not describe notice, consent, minimization, or sensitivity boundaries. Because the stored content includes decisions, challenges, and reusable techniques from work, it can easily capture confidential business data or personal information and retain it longer than the user expects.

Ssd 3

Medium

Confidence: 96% confidence
Finding: The skill defines a natural-language logging workflow that persistently stores conversation and work-session details, which creates a data collection mechanism even without code. In this context, the content being logged is especially sensitive because the skill is designed to capture work history, decision rationale, challenges, and lessons learned, all of which may contain proprietary, strategic, or personal data.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal