Security audit

Memos Memory Guide Backup

Security checks across malware telemetry and agentic risk

Overview

This memory guide is transparent about using past conversations, but it gives the agent broad memory-search and future skill-install authority without enough user confirmation or privacy limits.

Install only if you want the agent to search long-term conversation history. Before use, require explicit confirmation for sensitive memory searches and for any skill_install action, and review any retrieved skill content before allowing it to persist into future sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill is designed to trigger on broad references to prior chats, preferences, or history, which can cause memory retrieval in many ordinary conversations without a clear necessity or explicit user confirmation. Because the retrieved data comes from long-term conversation history, over-broad invocation increases the chance of unnecessary access to sensitive personal context and privacy overreach.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to search and use stored past conversations but provides no privacy guardrails, consent checks, or warning about handling sensitive historical data. In context, this makes the skill more dangerous because it operationalizes access to long-term user memory and even suggests deriving queries such as the user's name or recurring topics, which can expose personal information beyond what is needed.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.