Session Recall

Security checks across malware telemetry and agentic risk

Overview

This appears to be a context-recovery skill that uses local history for its stated purpose, but users should keep its memory/search scope narrow.

Install only if you want the agent to consult prior local conversations or memory files. Review the skill settings and keep the indexed folders/channels limited to data you are comfortable reusing across sessions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger conditions are broad enough that the skill may activate on ordinary ambiguity and then search extensive local transcripts, memory files, and cross-channel history without strong necessity checks. In a context-recovery skill, overbroad invocation increases the chance of unnecessary access to sensitive prior conversations and unrelated channel data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal