Session Watchdog

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local checkpointing skill; its main risk is that it may save conversation summaries more often than some users expect.

Install this only if you are comfortable with the agent saving task summaries to memory/YYYY-MM-DD.md. Review or clear that file during sensitive work, and avoid allowing secrets, private data, or temporary assumptions to be persisted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The activation criteria are broad enough that the skill may run in ordinary conversations, including at the start of every new session or whenever the user asks about memory. Because the skill instructs the agent to read and write persistent memory files, over-triggering can cause unnecessary persistence of conversational content and increase the chance of storing sensitive or irrelevant data without clear user intent.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger section is underspecified and lacks boundaries, so the skill can activate during common events such as long tasks, periodic token intervals, or vague context-related questions. In this skill's context, that is more dangerous because activation leads directly to persistence actions on memory files, creating privacy, data-minimization, and integrity risks if checkpoints are saved too often or for the wrong conversations.

VirusTotal

65/65 vendors flagged this skill as clean.
