Back to skill

Security audit

Semantic Memory Boost

Security checks across malware telemetry and agentic risk

Overview

This skill is a memory helper whose disclosed persistence is aligned with its purpose, but users should avoid letting it store sensitive information.

Install this only if you want the agent to maintain reusable memory across sessions. Do not use it with secrets, credentials, regulated data, or private personal details unless you have reviewed where memory files are stored and how to remove or disable them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to persist 'this conversation's insights' into memory files, but it provides no user notice, consent mechanism, retention policy, or data-sensitivity guardrails. This creates a real privacy and data-governance risk because users may unknowingly have sensitive project details, decisions, or personal information stored beyond the current session.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.