Back to skill

Security audit

Dawn Memory Architecture v7

Security checks across malware telemetry and agentic risk

Overview

This is a local memory skill, not malware, but it should be reviewed because it tells agents to automatically store conversation details and update future-behavior files without clear user controls.

Install only if you want an agent to keep durable local memory. Before using it, set clear rules for what may be saved, require confirmation before writing conversation-derived memories, exclude sensitive data and identifiers, and periodically review or delete the created memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to create and update multiple local files automatically, including writing state before replying and periodically summarizing conversation content into persistent storage. Without an explicit user-consent model, retention policy, or warning that conversations will be persisted and modified on disk, this creates a real privacy and integrity risk: sensitive user content may be stored unexpectedly and workspace files may be changed automatically.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide explicitly instructs the agent to append user message summaries and agent reply summaries into a persistent working buffer once context usage exceeds a threshold, but it provides no consent, notice, retention limit, or sensitivity filtering. This creates a privacy and data-governance risk because ordinary conversation content may be stored durably without the user's awareness, and later exposed through local access, backups, or downstream processing.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The WAL section mandates immediate storage of broad classes of user-provided details such as corrections, names, preferences, decisions, numbers, dates, IDs, and URLs into session-state.json before replying. Because this persistence happens automatically and without any user warning or consent flow, the skill risks collecting and retaining personal or sensitive data beyond what users reasonably expect.

Ssd 3

Medium
Confidence
95% confidence
Finding
The architecture instructs the agent to persistently log multiple broad categories of user conversation content on every qualifying turn, which amounts to systematic collection of user data. Even though the stated goal is memory continuity rather than abuse, the scope is wide enough to capture sensitive personal, operational, or proprietary information and retain it locally without strong boundaries.

Ssd 3

Medium
Confidence
93% confidence
Finding
The Working Buffer design creates an ongoing cross-turn log of user messages and response summaries, effectively preserving conversational history outside the transient context window. In this skill context, that increases the chance that sensitive context, business data, or personal information is retained longer than necessary and later resurfaced or disclosed unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.