MyMemory.bot

Security checks across malware telemetry and agentic risk

Overview

This is a purpose-aligned cloud memory skill, but users should understand that selected memories and an API key are sent to and stored by ctxly.app.

Install this only if you want an external service to retain agent context across sessions. Do not store secrets, regulated data, or highly sensitive personal information; protect and rotate CTXLY_API_KEY if exposed; review or delete memories periodically; and require explicit human approval before any tweet-based verification.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill promotes persistent cloud memory but does not clearly warn users that content is transmitted to a third-party service and retained across sessions. In an agent context, this can lead to accidental upload of sensitive user data, internal reasoning, or personal context without informed consent or appropriate handling expectations.

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The documented delete operation enables irreversible removal of stored memories, but the skill does not warn about data loss or encourage confirmation before deletion. In a memory service, accidental or automated misuse could erase important agent context and degrade integrity or continuity across sessions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal