Fast Unified Memory

Security checks across malware telemetry and agentic risk

Overview

This is a local memory search helper with expected privacy caveats, but the artifacts do not show hidden exfiltration, destructive behavior, or automatic privileged actions.

Install only if you want a local memory store that keeps added text on disk. Avoid storing secrets or sensitive personal data, verify the Ollama installer before running the curl-to-shell command, and review or delete ~/.mem0/fast-store.json if you no longer want retained memories.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The code sends user-supplied memory text to the Ollama embeddings API, which is an external service boundary from the user's perspective, without any explicit notice or consent. Even if hosted on localhost, this transmits potentially sensitive memory content to another process and may expose secrets, personal data, or proprietary information through logging, plugins, or remote model configuration.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The add flow persists arbitrary user memory content to a local JSON file under the user's home directory without warning in the command description. Users may enter secrets or sensitive notes expecting ephemeral processing, but the tool creates durable storage that could later be read by other local processes, backups, or anyone with filesystem access.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal