Memfy

Security checks across malware telemetry and agentic risk

Overview

Memfy is a coherent memory-saving skill that discloses its durable file writes and includes safeguards against storing secrets, though users should understand that it can activate on remember-style requests.

Install this only if you want your agent to save durable local notes when you ask it to remember or persist details. Set MEMFY_MEMORY_FILE if you want a specific destination, and avoid asking it to remember sensitive personal data or credentials.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: Implicit invocation is enabled while the default prompt is broad enough to trigger on ordinary conversation about remembering or saving details for later. In a memory-writing skill, this increases the chance of unintended activation and persistence of user data, including information the user did not clearly consent to store or that should not be retained.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal