Remember Me

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local memory helper that stores preferences and context for personalization, with privacy considerations but no evidence of hidden or malicious behavior.

Install this only if you want the agent to keep local notes about your preferences, goals, boundaries, and recurring context. Review MEMORY.md and daily memory files periodically, avoid saving sensitive personal details unless you explicitly want them retained, and ask the agent to forget or correct entries that are private, stale, or inaccurate.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger description is extremely broad, activating on generic situations like personalization, continuing context, or retrieving earlier decisions. This can cause the skill to run in ordinary conversation without a clear, fresh user request, increasing the chance of unwanted collection or persistence of user-related information.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill explicitly writes user-related context to persistent files (`memory/YYYY-MM-DD.md` and `MEMORY.md`) but does not present a prominent user warning at the point of use. Users may not realize that personal preferences, boundaries, goals, and inferred hypotheses are being retained across sessions, creating consent, privacy, and retention risks.

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal