memos-memory-guide

Security checks across malware telemetry and agentic risk

Overview

This memory-oriented skill appears purpose-aligned, but it can access prior user context broadly and write shared memory without clear consent safeguards.

Install only if you want the agent to recall prior conversations and use persistent memory. Avoid storing sensitive personal, financial, credential, or confidential business details, and review any public-memory behavior carefully before allowing user-derived information to be shared across agents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 84%
Finding:
The skill description says to use this skill whenever the user refers to past chats, preferences, history, or prior context, which is broad enough to trigger memory access in many routine conversations. This can cause unnecessary retrieval of historical user data and increase privacy exposure, especially when the user did not explicitly ask for memory lookup.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The guidance for `memory_write_public` instructs the agent to write shared knowledge to public memory visible to all agents, but it does not require user awareness or consent before sharing potentially sensitive conversation-derived information. In a memory system handling user history and preferences, this can lead to cross-agent dissemination of personal or confidential data beyond the original context.

VirusTotal

64/64 vendors flagged this skill as clean.
