Memory Sleep — Lightweight Consolidation

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, instruction-only memory consolidation helper that edits local memory files for the purpose it advertises.

Install this if you want an agent to consolidate journal-style memory into MEMORY.md. Because it changes long-term memory, run it manually first, review diffs, and avoid vague triggers or unattended cron until you trust its edits.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger phrase "dream" is generic natural language and can plausibly appear in ordinary conversation unrelated to memory consolidation. In an agent environment where skills may auto-activate on trigger phrases, this increases the chance of unintended execution that reads and modifies memory files without the user explicitly intending to invoke the skill.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The use-when section defines activation conditions broadly, including user phrasing, cron execution, and subjective states like files "piling up" or memory "getting stale," without clear guardrails. This ambiguity can cause the skill to run in contexts where the user did not intend file reads or edits, increasing the risk of accidental memory modification and overcollection from recent journals.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal