MemPalace Memory System Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a small memory-search skill whose persistent storage behavior is mostly disclosed and purpose-aligned, though users should handle saved memories carefully.

Install only if you want persistent AI memory. Avoid saving passwords, secrets, regulated data, or private personal details unless you have checked where mempalace stores data and how to review, export, and delete it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 97%
Finding:
The activation phrase "记住" is extremely generic and likely to appear in normal user conversation, making accidental invocation plausible. In a memory skill, unintended triggering can cause silent persistence of conversational content, including sensitive or personal data, which is a real security and privacy risk.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill documents memory storage and export capabilities but does not warn users that stored content may persist across sessions or that exports can expose accumulated sensitive data. This omission undermines informed consent and increases the chance that users will provide secrets, personal information, or confidential context without understanding retention and disclosure risks.

VirusTotal

65/65 vendors flagged this skill as clean.
