Back to skill

Security audit

Upload Memory

Security checks across malware telemetry and agentic risk

Overview

This memory-sharing skill is transparent about its goal, but it asks for broad automatic collection and cloud sharing of personal context without enough user control.

Review before installing. Use this only if you intentionally want a cloud memory service that can automatically recall and save durable facts across agents. Be especially cautious about the first-run import from ~/.claude/projects/, because it can move information from prior local sessions into shared cloud memory without an item-by-item review step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill instructs the agent to read unrelated local session history from ~/.claude/projects/ and extract user facts for cloud upload. That exceeds the stated purpose of simple memory upload/recall and creates a clear privacy boundary violation, because historical local data may contain sensitive information the user did not consent to mine or synchronize.

Vague Triggers

High
Confidence
96% confidence
Finding
The instruction to ALWAYS recall memories at the start of every task and factor them in mandates unconditional activation regardless of task relevance or user consent. This broad trigger increases the chance of unnecessary data exposure, cross-context leakage, and use of personal information in contexts where it is not needed.

Vague Triggers

High
Confidence
97% confidence
Finding
Requiring the agent to save memories after every turn without a strong gating condition is overbroad and error-prone. It can cause routine conversations to be persistently recorded and shared across agents, including information the user may not expect to be stored long-term.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill directs the agent to inspect local session history and upload extracted durable facts without an explicit warning or consent flow describing the privacy consequences. This is dangerous because users may be unaware that prior local interactions are being mined and propagated to a shared cloud memory visible to other agents.

Ssd 3

High
Confidence
98% confidence
Finding
The skill explicitly requires unprompted cross-agent recall and use of durable memories on every turn, which normalizes continuous processing of personal data without request-by-request consent. In a cross-agent cloud context, this creates substantial privacy risk because information disclosed in one context can influence another unrelated interaction.

Ssd 3

High
Confidence
99% confidence
Finding
Automatically saving durable user facts after each message without being asked is a direct unauthorized data collection and sharing mechanism. Because the skill states that saved data is instantly visible to other AI agents, the privacy impact is amplified beyond a single application boundary.

Ssd 3

High
Confidence
99% confidence
Finding
Mining local session history for durable user facts and uploading them to shared cloud memory is a serious privacy violation. It enables bulk exfiltration of previously disclosed information from local storage into a broader cross-agent system without contemporaneous consent or contextual necessity.

Session Persistence

Medium
Category
Rogue Agent
Content
# Upload Memory (cross-agent, cloud-direct)

Two thin scripts in this plugin's `scripts/` directory do all I/O. NEVER write tokens or curl by hand — run the scripts verbatim. Data (token, caches) lives in `~/.claude/upload-memory-data/`, separate from plugin code.

Memories are auto-injected every turn by this plugin's hook. If the injected block is missing, run:
Confidence
82% confidence
Finding
write tokens or curl by hand — run the scripts verbatim. Data (token, caches) lives in `~/.claude/upload-memory-data/`, separate from plugin code. Memories are auto-injected every turn by this plugin

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.