Session Debug Log Investigator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent troubleshooting skill for Claude Code debug logs, but users should treat the logs and settings it reads as potentially sensitive.

Install this only when you want an agent to help debug a Claude Code session. Before enabling logging or sharing logs, consider redacting secrets, tokens, private paths, and prompt content; keep analysis to the smallest relevant log tail and turn debug logging off after the issue is diagnosed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 85%
Finding
The example trigger phrase is broad enough to match ordinary troubleshooting requests, which can cause the skill to activate in situations the user did not clearly intend. Because this skill may enable debug logging and inspect logs, over-broad invocation increases the chance of collecting or exposing sensitive diagnostic data unnecessarily.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill description and workflow indicate it may enable debug logging and inspect logs, but they do not warn that logs can contain sensitive information such as prompts, paths, tokens, configuration details, or user data. Without an upfront warning and consent-oriented language, users may unknowingly authorize actions that increase data collection or reveal sensitive content during diagnosis.

VirusTotal

63/63 vendors flagged this skill as clean.
