Mnemos Memory

Security checks across malware telemetry and agentic risk

Overview

This markdown-only skill coherently guides users through setting up Mnemos persistent agent memory, with the main caution being persistence and broad activation wording.

Install this only if you want agent memory that can persist across sessions. Review the Mnemos package and MCP config before enabling it, keep separate scopes or config paths for projects that should not share memory, and avoid storing secrets or sensitive prompts unless you are comfortable with later retrieval and any selected embedding provider processing that content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill’s activation description is broad enough to trigger on generic mentions of 'memory' or memory automation, which can cause the agent to invoke this skill outside its intended scope. Over-broad activation can misroute user requests, leading the agent to apply Mnemos-specific installation or operational guidance when the user was discussing unrelated memory topics, reducing reliability and potentially causing unintended configuration changes.

VirusTotal

64/64 vendors flagged this skill as clean.
