Back to skill

Security audit

AI Memory System

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent memory tool, but it installs a recurring job that stores conversation-derived facts without clear limits, deletion steps, or consent boundaries.

Review before installing. Use it only if you want a local agent memory system that records conversation-derived facts over time, and add your own rules for excluding secrets, sensitive personal data, and anything you do not want retained. Confirm the exact cron command, storage location, and removal steps before enabling the nightly job.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrase "Set up the memory system" is broad enough to cause the agent to perform multiple side-effecting actions—creating files, directories, and a scheduled cron job—without requiring explicit confirmation of each step. In a skill that modifies the local environment and installs persistence, vague activation increases the chance of accidental or socially engineered execution.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill description does not clearly warn that activation will create files and install a recurring cron job, which is a persistent system modification. Omitting this disclosure undermines informed consent and makes the skill more dangerous because users may invoke it expecting note-taking help, not automated scheduled execution on their machine.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.