Daxiang Memory Optimization

Security checks across malware telemetry and agentic risk

Overview

The skill is not malicious, but it can automatically remove or archive stored memories without enough user-controlled safety checks.

Install only if you are comfortable with an agent modifying stored memories. Before use, disable automatic pruning or require a dry run and explicit approval, back up memory files, verify the archive destination, and test thresholds on non-critical data first.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly performs automatic pruning and archiving of memories based on heuristic relevance scores, but the documentation does not present a clear user-facing warning about data loss, review requirements, or failure modes. In a memory-management skill, this is dangerous because low-confidence or context-poor scoring can silently remove important operational, safety, or audit information and degrade future agent behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal