Security audit

autodream-core

Security checks across malware telemetry and agentic risk

Overview

This skill is a local memory cleanup tool whose session scanning, memory-file rewriting, and local logs match its stated purpose, but users should run it carefully on sensitive workspaces.

Install only in workspaces where it is acceptable to scan session transcripts and rewrite MEMORY.md. Back up MEMORY.md first, start with a test workspace, review local files written under memory/autodream, and disable analytics in config if local usage logs are not wanted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly describes and demonstrates filesystem read/write behavior against workspace and memory files, but it does not declare any permissions or safety boundaries. This can mislead users and hosting platforms about the skill's effective capabilities, increasing the risk of unintended file modification, pruning, or data loss when the skill is installed or invoked.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly states that usage behavior is automatically recorded to `.autodream_analytics.jsonl`, but it does not prominently warn users that operational metadata will be persisted to disk by default. In an agent or shared-workspace context, even seemingly low-sensitivity telemetry such as run times, triggers, and processing volume can reveal activity patterns and may violate privacy or policy expectations if collected without clear consent.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The report explicitly states that the skill writes a local state file and an analytics log, but does not document any user-facing notice, consent, retention policy, or means to disable telemetry/output files. In an agent skill that processes potentially sensitive memory/workspace content, undocumented local telemetry and persistent state increase privacy and compliance risk even if the writes are only local.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The adapter reads and parses all session JSON files to extract memory signals from conversation history, which can expose sensitive user content without any built-in consent, notice, minimization, or scoping controls. In a memory-consolidation skill this access is functionally expected, but it still creates a real privacy/security risk because entire conversations may contain secrets, personal data, or unrelated context that gets processed and retained.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The example checks whether consolidation should run, but then unconditionally calls engine.run(force=True), bypassing the safety gate. In a memory-management skill that can deduplicate, merge, and prune workspace data, this creates a realistic risk that users copy-paste the example and trigger destructive or unexpected modifications to their real workspace without a clear warning.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.