Back to skill

Security audit

memoir

Security checks across malware telemetry and agentic risk

Overview

This is a coherent memoir-writing skill that locally saves personal life-story notes, so the main risk is privacy rather than hidden or malicious behavior.

Install this only if you are comfortable having personal memoir notes saved locally. Review or delete saved entries you do not want retained, avoid recording sensitive details about other people without care, and remember that local backups or other users with access to the machine may be able to see the files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are broad enough to match ordinary conversation about memoirs or life stories, which can cause the skill to activate when the user did not intend to start a persistent autobiographical collection workflow. In this skill, unintended activation is more sensitive because the assistant may begin eliciting and storing highly personal information.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill states that each collection session is automatically saved to local files, but it does not prominently warn users before collecting potentially sensitive life-history data such as family details, relationships, hardships, and personal reflections. This creates a real privacy risk because users may disclose intimate information without informed consent about persistence, retention, or local file exposure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.