Context Management Context Save

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not malicious, but it encourages broad project context capture and persistent or external storage without enough user control or data-handling boundaries.

Install only if you are comfortable with a context-saving workflow that may read and preserve broad project knowledge. Use it on a narrow project folder, exclude secrets and private files, review saved summaries or embeddings before storage, and avoid external vector databases or synchronization unless you explicitly approve that destination.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill promotes context capture, serialization, storage-format selection, and vector database integration without a prominent warning or consent checkpoint about persistence, retention, or possible transmission of project data. In practice, this can lead users or downstream agents to store sensitive code, secrets, architectural details, or proprietary information in local artifacts or external systems without adequate review.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal