Back to skill

Security audit

Agent Memory

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local memory tool that stores agent facts, lessons, and entities in SQLite without evidence of hidden execution or data exfiltration.

Install only if you want an agent to keep local cross-session memory. Do not store API keys, passwords, financial details, regulated data, or confidential business information unless you have an explicit policy for doing so. Periodically inspect, export, or delete the database, and use a separate custom database path for different users or projects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly encourages persistent storage of user preferences, relationship context, and other personal or behavioral data across sessions, but it provides no warning about privacy, consent, retention limits, or appropriate handling of sensitive information. In an agent-memory skill, this omission is security-relevant because developers may deploy it to store personal data indefinitely by default, increasing the risk of over-collection, unauthorized retention, and misuse of sensitive context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly implements persistent storage of facts, lessons, and entity data across sessions, but the description does not warn users that conversation-derived information may be retained on disk by default. This creates a meaningful privacy and data-governance risk because operators may unintentionally store sensitive personal, confidential, or regulated data in `~/.agent-memory/memory.db` without informed consent or retention controls.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The module persists potentially sensitive user-related memories to a local SQLite database under the user's home directory by default, but provides no explicit notice, consent flow, or retention transparency. In an agent context, users may reasonably assume ephemeral processing, so silent long-term storage can expose personal, behavioral, or confidential information to later local compromise, backup leakage, or unintended reuse.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.