Memos Memory Guide Local

Security checks across malware telemetry and agentic risk

Overview

The available evidence points to a memory-recall skill with privacy-sensitive but purpose-aligned behavior, and no artifact-backed malicious behavior was available to verify.

Install this only if you are comfortable with the agent actively searching prior conversation history when you ask about past chats, preferences, or previous work. Treat retrieved memories as private context and avoid enabling it where unrelated users or sensitive conversations may be mixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill is designed to search long-term conversation history whenever the user refers to past chats, preferences, or history, which is broad enough to trigger retrieval in many ordinary interactions. That can surface prior personal or sensitive information without a clear per-use consent cue, especially when the model is told to derive its own search queries if recall is empty.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs the agent to search stored conversation history and reuse excerpts, task summaries, and timelines, but it does not include a user-facing warning that this may surface historical personal data. In a memory-oriented skill, that omission increases privacy risk because users may not realize their prior conversations are being actively queried beyond the automatic context injection.

VirusTotal

65/65 vendors flagged this skill as clean.
