thecede

Security checks across malware telemetry and agentic risk

Overview

This is a coherent memory skill, but it tells agents to persist credentials in searchable long-term memory, which users should review carefully.

Install only if you are comfortable with Cortex storing cross-session memory and you know how to inspect, scope, and delete that memory. Do not allow it to store passwords, API keys, tokens, session cookies, private keys, or other secrets; use a dedicated secret manager instead.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill explicitly recommends using high importance for 'credentials' in persistent memory, which encourages long-term storage of secrets without any warning, minimization guidance, or access-control caveat. In a cross-session memory system, persisted credentials materially increase the chance of secret leakage, misuse by later sessions, or unintended retrieval in unrelated contexts.

Ssd 3

Medium

Confidence: 94% confidence
Finding: The guidance normalizes storing credentials and user preferences across sessions, which creates unnecessary retention of sensitive or privacy-relevant data. Even if the intent is convenience, persistent memory broadens exposure by making sensitive data available to future retrieval, search, briefing, and graph-linking operations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal