Back to skill

Security audit

Supermemory

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it handles persistent third-party memory storage with unsafe credential examples and a live-looking API key in the documentation.

Review before installing. Do not use the API key shown in the documentation, and do not store passwords, tokens, API keys, regulated personal data, or confidential business information as memories. Use your own key only if you are comfortable sending memory content and queries to SuperMemory and have checked its retention and deletion behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill invokes local shell scripts but does not declare corresponding permissions, which weakens transparency and reviewability for users and tooling. While the documented commands appear related to the skill's purpose, undeclared shell capability increases risk because it can hide broader execution behavior than the user expects.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The examples explicitly tell users to store an API key in a third-party memory service, which is unnecessary for normal memory/search/chat functionality and creates a direct secret exfiltration path. In this skill's context, the danger is amplified because the entire purpose is to transmit stored content to an external API-backed knowledge base.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The setup documentation includes what appears to be a real concrete API key rather than a placeholder, exposing a secret directly in the skill file. This can lead to unauthorized use of the external service, billing abuse, and compromise of any data accessible through that key.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill description presents the feature as personal memory storage without clearly warning that submitted content is sent to an external API service. This omission can mislead users into sharing sensitive information under the assumption it stays local, especially given the skill's knowledge-base framing.

Missing User Warnings

High
Confidence
98% confidence
Finding
The examples encourage saving sensitive credentials without any warning, normalizing unsafe behavior and increasing the likelihood that users will upload secrets to a third-party service. Because this skill is specifically designed to retain and retrieve data, such secrets may persist and become searchable later, compounding exposure risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.