Back to skill

Security audit

AI Agent Memory

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local markdown memory skill, but users should treat the saved notes as persistent private data.

Install only if you want a persistent local memory folder. Avoid storing passwords, API keys, financial identifiers, health records, regulated data, or unnecessary third-party personal details. Review anything copied from built-in memory before syncing, and remember that files in ~/memory/ may remain on disk until you delete them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill uses very broad natural-language triggers such as 'Save this...', 'Find...', and 'What do you know about...' without defining clear activation boundaries, confirmation requirements, or data-scope restrictions. In an agent setting, this can cause the skill to capture, persist, retrieve, or modify sensitive information whenever loosely similar user or ambient context appears, increasing the risk of unintended memory operations and privacy leakage.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The template explicitly encourages storing personal contacts, decisions, and knowledge in local markdown files, but provides no guidance on handling sensitive or regulated data, minimizing collection, or restricting access. This can lead users to persist personal or confidential information in plaintext without realizing the privacy and security implications, increasing the risk of data exposure from local compromise, backups, or accidental sharing/sync.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly instructs copying data from built-in memory into a user-accessible file hierarchy but does not warn that built-in memory may contain sensitive, personal, or confidential information. This increases the risk of unintended persistence, broader exposure through sync/backups/search, and accidental disclosure if the filesystem memory store is shared or less protected than the original memory source.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The setup instructions are framed as generally applicable on first use and do not define clear user-driven triggers or scope boundaries for when the skill should be activated. In practice, this increases the chance the agent will initiate memory setup or data collection in contexts where the user did not explicitly intend persistent storage, creating privacy and consent risks.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to create persistent files under ~/memory/ and populate them with user data, but it does not clearly warn that this writes to local storage, may persist indefinitely, and could be accessible outside the conversation. Users may disclose sensitive information without understanding retention, location, or access implications.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill proposes copying built-in memory into a separate storage system, including preferences, decisions, and contacts, without an explicit privacy warning or granular consent. This can expand the exposure of previously shared personal data by duplicating it into a new persistence layer with different retention and access properties.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The manual sync steps explicitly instruct the agent to write extracted content into ~/memory/sync/ and update an index, but they provide no safeguard such as user confirmation, backup guidance, overwrite checks, or warning that this modifies persistent user data. In an agent skill, operational instructions that cause file writes to a long-lived memory store can lead to unintended corruption, duplication, or privacy-impacting persistence if followed automatically or too broadly.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The INDEX rebuild guidance generates new index rows from filesystem contents without warning that replacing or regenerating an index can discard manual annotations, descriptions, ordering, or other curated metadata. In practice, users or agents may treat this as authoritative recovery guidance and overwrite the existing INDEX.md, causing silent data loss in a persistent memory system.

Ssd 3

Medium
Confidence
94% confidence
Finding
The skill encourages persistence of prior conversation memory and detailed user-related information such as profiles, preferences, decisions, and contacts into a parallel store. Because these categories frequently contain personal or sensitive information, the instruction creates a real risk of over-collection, duplication, and long-term retention without sufficient minimization safeguards.

Ssd 3

Medium
Confidence
95% confidence
Finding
The instruction to immediately store whatever the user wants remembered lacks screening for secrets, regulated data, or other highly sensitive content. In a memory skill, this context makes the issue more dangerous because users are explicitly encouraged to provide long-term information, which may include passwords, health data, financial details, or third-party personal information.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.