Security audit

Datris Memory

Security checks across malware telemetry and agentic risk

Overview

This skill openly indexes specific local memory notes into Datris for long-term recall, with no hidden code or unrelated behavior found.

Install this only if you want Datris to index your MEMORY.md and memory/*.md notes for recall. Review those files for secrets or sensitive personal data first, and make sure you trust the configured Datris MCP server and storage account.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

High

Confidence: 95% confidence
Finding: The skill description instructs invocation for very broad categories like any mention of saving, recalling, syncing, searching memory, and even generic 'memory-shaped' questions. This can cause over-triggering, making the agent route unrelated user requests into this skill and unnecessarily access or operate on long-term memory systems, increasing the chance of unintended data exposure or unwanted writes/sync actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal