Session Manager

Security checks across malware telemetry and agentic risk

Overview

This instruction-only session manager transparently stores session records in a user-chosen local folder or Feishu table, with no hidden code or install hooks.

Before installing, choose the storage destination deliberately and avoid saving sensitive conversation details unless you are comfortable retaining them in local Markdown files or the configured Feishu workspace.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The skill enables proactive triggering based on the agent's subjective detection of a topic shift, which is ambiguous and can cause unintended invocation without an explicit user request. In this skill's context, unintended invocation matters because it can lead to unexpected session creation, context carryover, and persistence of conversation data to local files or Feishu storage.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The top-level description does not clearly warn users that the skill may persist conversation records to external SaaS storage (Feishu Bitable) or local files. Because the skill is specifically designed to save session history and summaries, insufficient upfront disclosure can result in users sharing sensitive information without informed consent, increasing privacy and data-handling risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal