NTM Memory System

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only memory-system skill; its persistent memory examples are expected for the stated purpose, but users should avoid storing sensitive data without controls.

Before installing or implementing this skill, decide what the agent is allowed to remember, avoid storing secrets or personal data, and make sure any memory store can be reviewed, corrected, and deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 88%
Finding
This section exposes memory write, update, and erase capabilities without any warning about persistence, overwriting, or user-consent requirements. In an agent skill, silent modification of external memory can lead to unintended retention, corruption, or deletion of sensitive user data, especially if other components rely on that memory as trusted state.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill describes saving content to a persistent file-backed memory store ("memory/ntm_memory.json") and semantic retrieval, but provides no privacy, retention, or sensitivity guidance. Without disclosure and controls, users or downstream agents may store personal, confidential, or security-relevant data indefinitely in a local file, increasing exposure risk.

VirusTotal

62/62 vendors flagged this skill as clean.
