Back to skill

Security audit

Session Log Analyzer

Security checks across malware telemetry and agentic risk

Overview

The skill has a plausible reporting purpose, but it asks for recurring access to private session logs and Notion upload without enough scoping or user control details.

Review before installing. Only use a narrowly scoped Notion integration and database, inspect the missing scripts from a trusted source before running them, review generated reports before upload, and avoid enabling the cron job until you know exactly what it processes and how to remove it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly supports syncing generated reports to Notion, but the documentation does not clearly warn that session logs and derived PDFs may contain sensitive or private data that will be transferred to a third-party SaaS. This creates a real data exposure risk because users may enable the feature without understanding the privacy and compliance implications.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The automated reporting section documents unattended daily execution and Notion upload, but it does not prominently warn that this will continuously process logs and transmit reports off-host on a recurring basis. That increases the chance of silent ongoing leakage of newly captured sensitive session data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.