Back to skill

Security audit

Crm Memory

Security checks across malware telemetry and agentic risk

Overview

This CRM memory skill has a clear purpose, but it automatically retains and updates sensitive customer information with overly broad triggers and limited user control.

Install only if you intentionally want an always-on local CRM memory layer. Before using it with real customer data, narrow activation to explicit save/retrieve requests, require review before writes, add redaction and deletion controls, and keep backups before automatic file splitting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Vague Triggers

High
Confidence
97% confidence
Finding
The activation criteria are so broad that ordinary conversation mentioning a person, organization, project, or common sales term can trigger the skill unintentionally. In this skill’s context, unintended activation is especially risky because activation leads to loading and later persisting customer memory, increasing the chance of over-collection and retention of sensitive business and personal data without clear user intent.

Vague Triggers

High
Confidence
96% confidence
Finding
The manifest explicitly advertises 'extremely broad' trigger terms covering routine sales vocabulary, which makes accidental invocation likely across many unrelated conversations. Because the skill performs persistent CRM-memory updates, this broad matching materially raises the risk of silent data capture and context leakage.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill states that customer memory files are automatically maintained and updated after conversation, but it does not clearly disclose to the user that customer, contact, and project details will be persistently stored locally. In a CRM context this can include sensitive personal and commercial information, so silent persistence creates meaningful privacy, compliance, and trust risks.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The file-splitting workflow deletes the original customer file after reorganization without describing safeguards such as backup, atomic rename, rollback, or corruption recovery. While the goal appears operational rather than destructive, any automated delete-and-rewrite path handling business records can cause data loss if interrupted or implemented incorrectly.

Missing User Warnings

High
Confidence
99% confidence
Finding
The requirement that the skill must always write after conversation, without relying on user reminder or confirmation, removes user control over persistence of potentially sensitive CRM content. In this context, that means personal contact details, deal status, internal notes, and communication history may be stored even when the user intended only a transient discussion.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The description states that customer memory is maintained and updated automatically after conversations, which implies broad autonomous activation and write behavior without any stated scope limits, consent boundaries, or trigger constraints. In a memory/CRM skill, this can cause over-collection, unintended persistence of sensitive business or personal data, and silent modification of records from ordinary conversations.

Ssd 3

High
Confidence
98% confidence
Finding
The skill positions itself as a foundational cross-session memory system for all customer-, contact-, project-, contract-, and delivery-related conversations, implying broad retention and reuse of sensitive information. Without consent checks, scope limits, or user/account boundaries, this creates substantial risk of privacy violations, unauthorized profiling, and leakage of business-sensitive context across future interactions.

Ssd 3

High
Confidence
99% confidence
Finding
Automatic post-conversation writing of newly learned customer and contact details into persistent memory files and indexes is a direct data-retention mechanism involving potentially sensitive PII and confidential commercial data. Because it happens by mandate rather than informed user action, the design increases the likelihood of collecting more data than necessary and retaining it beyond the user’s expectations.

Ssd 3

Medium
Confidence
95% confidence
Finding
The broad trigger conditions make it easy for the skill to capture and later persist information from ordinary discussions that merely mention names, organizations, projects, or requests to remember something. In a memory skill designed to retain CRM details, this context makes over-collection more dangerous because accidental activation can expand the set of stored personal and business information without deliberate user intent.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.