Conversation Miner

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to summarize conversations, but it asks for sensitive conversation-history and memory access while using broad triggers and broad default history collection that could process or retain more private chat content than users expect.

Install only if you are comfortable with a skill that can inspect recent conversation history and save summaries, extracted items, feedback, and inferred preferences. Avoid using it on chats containing secrets, confidential work, legal/medical/financial details, or personal information unless you review what will be saved or exported and choose the destination carefully.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Scope Creep

Medium
Confidence
96% confidence
Finding
The export path is user-controlled via --output, and the command writes conversation-derived content to an arbitrary file through exporter.exportToFile(content, output). In a skill with access to session history, this creates a confidentiality and integrity risk because sensitive conversation data can be written outside expected storage boundaries, and arbitrary file overwrite becomes possible depending on exporter implementation and runtime privileges.

Scope Creep

Medium
Confidence
91% confidence
Finding
The module exposes a generic file-write primitive via exportToFile(content, outputPath) and performs no validation or restriction on the destination path. In the context of a skill that only declares sessions_history and memory_write permissions, this can allow conversation data to be written to arbitrary filesystem locations, creating a capability/permission mismatch and increasing the risk of unauthorized persistence or overwriting local files.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The triggers “总结一下” and especially “总结” are extremely generic phrases likely to appear in ordinary conversation, so they can cause unintentional skill activation. In this skill, accidental activation is more sensitive because the skill has access to session history and can later write extracted summaries or preferences to persistent memory.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger “conversation” is overly broad, common in normal AI interactions, and may collide with benign user text. Because this skill can read conversation history and persist outputs to memory, a false activation could expose or retain data the user did not intend to process.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The help text describes saving summaries, conversation contents, and learned preferences into memory files, but does not present a prominent upfront privacy and retention warning before encouraging use. Users may not understand that potentially sensitive historical content and preference inferences can be stored persistently beyond the current session.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The triggers include highly generic English activators like "miner" and especially "conversation", which can match ordinary user input unrelated to this skill. That increases the chance of accidental activation of a skill that can read session history and later write derived content to memory, causing unintended access to sensitive conversational context.

Vague Triggers

Medium
Confidence
91% confidence
Finding
Several Chinese triggers are broad everyday phrases such as "总结", "总结一下", and "conversation", which are likely to appear in normal chat without intent to invoke this skill. Because the skill is authorized for session-history mining, unintended trigger collisions can expose or process more user data than expected.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill declares permissions to read session history and write memory, but the description and behavior do not present a clear upfront privacy notice before data collection begins. Users may invoke the skill without realizing it will automatically mine prior messages and potentially persist extracted content or preferences.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
This code exports potentially sensitive conversation content to disk with no built-in confirmation, disclosure, or sensitivity checks. Because the skill has access to session history and can include full raw conversation content, silent export increases the chance of leaking private data to shared, unencrypted, or unexpected locations.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This module persists full conversation-derived data, including summaries, todos, ideas, decisions, code, tags, and raw content, to local JSON files under a predictable per-user path. In a skill with permissions for session history and memory writing, silent disk persistence increases privacy risk because sensitive conversation content may be retained longer than users expect and exposed to other local users, backups, or filesystem compromise.

Ssd 3

Medium
Confidence
94% confidence
Finding
The documentation explicitly promotes retaining conversation summaries and user preference learning in persistent memory files. In the context of a skill with sessions_history and memory_write permissions, this increases the risk of storing sensitive personal, project, or confidential information without minimization controls.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill instructs automatic retrieval and analysis of current session history, then asks whether to save extracted results to memory. This creates a real data-minimization and retention risk because summaries, decisions, ideas, and inferred preferences derived from conversation may contain sensitive information and can be persisted beyond the immediate interaction.

Ssd 3

Medium
Confidence
96% confidence
Finding
The feedback and evolution workflow explicitly tells the assistant to record user feedback, learned preferences, and adjustment strategies into an evolution log and save them to memory. Persisting behavioral preferences and meta-observations can build a sensitive user profile over time, especially when combined with broad history mining, without strong limits on scope, retention, or consent.

Ssd 3

Medium
Confidence
95% confidence
Finding
The templates direct the assistant to fetch up to 200 recent messages and process both user and assistant content for summarization and extraction. This encourages broad collection by default rather than targeted retrieval, increasing the chance that unrelated, confidential, or sensitive prior discussion is unnecessarily ingested and then surfaced or retained.

VirusTotal

60/60 vendors flagged this skill as clean.
