Back to skill

Security audit

Lobster Fork Mode

Security checks across malware telemetry and agentic risk

Overview

This skill transparently helps subagents inherit context, but it under-scopes sharing parent-session and MEMORY.md-derived information with spawned agents.

Install only if you are comfortable with spawned subagents receiving summarized parent-session context. Before using it, require the agent to share only task-relevant context, exclude secrets and unrelated memory, and ask before including MEMORY.md-derived preferences.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation description is broad enough that the skill may trigger in many normal cases where a sub-agent merely needs some context, causing routine propagation of parent-session data into child sessions. In this skill, that inherited context explicitly includes goals, constraints, decisions, code snippets, project structure, and user preferences, so over-activation increases the chance of unnecessary data exposure and instruction spillover.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs extracting user preferences from MEMORY.md and passing them to a sub-agent, but provides no consent, minimization, or sensitivity filtering. This creates a privacy and data-governance risk because memory stores can contain personal, behavioral, or otherwise sensitive information that is not necessary for the delegated task.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.