Mneme

Security checks across malware telemetry and agentic risk

Overview

This is a plainly disclosed local memory-format skill, but users should avoid storing secrets or sensitive information in its durable .mneme files.

Install only if you want the agent to maintain durable local project memory. Review .mneme files like documentation: they may persist decisions, preferences, facts, and project context across sessions. Do not store secrets, credentials, personal data, or confidential material unless you deliberately want that information kept in plaintext.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill is designed for persistent cross-session memory and encourages remembering decisions, facts, preferences, and gotchas, but it does not warn users that data may be stored durably and potentially include sensitive information. This creates a privacy risk because users may disclose personal, confidential, or regulated data without realizing it will persist beyond the current session.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The write protocol tells the agent to append durable memory whenever a future session might benefit, but it does not require explicit disclosure, consent, or sensitivity screening before persistence. In practice, this can cause silent retention of user preferences, operational details, internal project information, or secrets, creating cross-session privacy leakage and long-term data retention risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal