Security audit

上下文管理 (Context Management)

Security checks across malware telemetry and agentic risk

Overview

This is a transparent local memory-management skill, but users should avoid putting secrets or sensitive personal information into the memory files it creates.

Install only if you want local cross-session memory. Do not store passwords, API tokens, session cookies, private personal data, regulated data, or confidential business material in SOUL.md, USER.md, TOOLS.md, MEMORY.md, or memory/ files. Review memory entries before long-term retention, use dry-run before the distillation script writes, and enable cron or heartbeat maintenance only deliberately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Ssd 3 (Medium, 89% confidence)

Finding:
This section instructs the agent to persist user context and historical information across sessions in structured files. That creates a real privacy and data-governance risk because it encourages indefinite retention of potentially sensitive personal or operational data without consent checks, minimization, classification, or retention limits.

Ssd 3 (Medium, 93% confidence)

Finding:
Archiving historical conversations and later searching them for response generation can expose sensitive prior prompts, credentials, personal information, or confidential business content to unrelated future tasks. The danger is increased by the skill's explicit cross-session memory objective, which makes broad persistence and retrieval a core workflow rather than a rare edge case.

Ssd 3 (Medium, 95% confidence)

Finding:
The broad rule 'someone says remember this → write file' encourages unconditional persistence of user-provided instructions and facts, including secrets, credentials, personal data, or adversarial prompt injections. Because the rule is generic and automatic, it can turn transient untrusted input into durable state that influences future sessions, making prompt/data poisoning and privacy leakage substantially more likely.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.