Back to skill

Security audit

LYRA 3-Brain Memory

Security checks across malware telemetry and agentic risk

Overview

This appears to be a memory skill, but its persistent storage behavior is too broadly triggered and under-disclosed for users to install without review.

Install only if you want the agent to keep local long-term memory. Before using it, confirm exactly where it writes files, what content it stores, how to disable or delete memory, and require explicit confirmation before any session logging or memory growth.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill clearly instructs the agent to read environment variables and read/write local files, but it does not declare permissions or prominently warn users about those capabilities. In a memory/logging skill, this increases the chance that an agent writes persistent session data or accesses local paths without the user understanding the scope of access.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The activation guidance is broad enough that ordinary phrases like 'remember', 'log session', or 'recall' could invoke the skill in contexts where the user did not intend persistent storage. Because this skill writes session summaries, references, and graph data to disk, overbroad triggering can cause unauthorized retention of user content or local state changes.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documentation describes writing daily logs, topic files, reference pointers, and graph growth, but it does not present a clear user-facing warning that using the skill causes persistent local storage of session-derived data. This is especially risky for a memory tool because users may reveal sensitive workflow details, IDs, URLs, or operational metadata that then remain on disk beyond the current session.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill's load conditions are broad enough to match common user requests such as remembering sessions, recalling context, or logging work, which can cause the skill to activate in situations beyond its narrow intended scope. In a memory-oriented skill, overbroad activation increases the chance of unintended persistence, context capture, or application of memory behaviors when the user did not clearly request them.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.