Engram

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local persistent-memory skill, with privacy considerations but no evidence of hidden or malicious behavior.

Install only if you want the agent to keep searchable local memory across sessions. Avoid storing secrets, credentials, regulated data, or confidential conversations unless you are comfortable with that information being recalled later or included in exports; review the npm dependency before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 87%
Finding
The skill description is broad enough to trigger in many normal agent workflows, including recalling past decisions, storing facts, and maintaining context across sessions. Overly broad activation increases the chance the skill is invoked by default and used on sensitive user data without an explicit need, consent check, or scope restriction.

Missing User Warnings

Medium
Confidence: 94%
Finding
The example `echo "Raw conversation text" | engram ingest` encourages ingestion of entire conversations into persistent storage without any warning about privacy, secrets, retention, or access scope. This can lead to unbounded retention of credentials, personal data, confidential business information, and other sensitive context that the agent should not persist.

VirusTotal

59/59 vendors flagged this skill as clean.
