Auto Log

Security checks across malware telemetry and agentic risk

Overview

The skill appears to provide disclosed local memory/activity logging, which is privacy-sensitive but aligned with its purpose.

Install only if you want the agent to keep persistent local memory of its work. Review where the daily logs are written, avoid using it around secrets or sensitive personal data, and periodically delete or redact logs you do not want retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill clearly advertises automatic recording of agent activity and appending to daily memory log files, but it does not present a prominent user-facing warning about persistent logging, data retention, or the possibility of capturing sensitive task content. In an agent environment, automatic activity logging can unintentionally store secrets, personal data, or confidential workflow details, so the lack of explicit notice and consent is a real security and privacy weakness.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal