Chat Refiner

Security checks across malware telemetry and agentic risk

Overview

This chat-cleanup skill is mostly coherent, but it can read private chat history and persist summaries, instructions, and even API keys into memory files without clear review safeguards.

Install only if you are comfortable with the skill reading private transcripts and memory files. Before use, require a preview/diff and explicit approval before any write, prefer dated append-only summaries over direct MEMORY.md edits, and redact API keys, tokens, passwords, and unreviewed behavioral instructions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill can be invoked for broad cases like 'memory maintenance during heartbeats' and 'clean/summarize history' without strong scoping or confirmation requirements. That ambiguity increases the chance the agent will access and rewrite conversation-derived memory in situations the user did not clearly intend, causing privacy leakage, unwanted retention, or destructive summarization of important context.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill states that it will write summaries to memory/YYYY-MM-DD-summary.md or MEMORY.md, but its description does not prominently warn users that it edits persistent memory derived from transcripts. This can lead to silent persistence of sensitive conversation data or unintended modification of long-term memory files without informed user consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal