Quantum Memory Graph

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed long-term memory helper, but users should treat stored conversation content as persistent and potentially sensitive.

Install only if you are comfortable with an external PyPI package handling long-term agent memory. Before storing real conversations, verify where the data is saved, whether the server is bound only to trusted interfaces, and how to delete or protect stored memories; avoid storing credentials, personal data, or proprietary content until those controls are clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill advertises long-term memory storage and a server exposing /store and /recall endpoints, but it does not warn users that conversation content may be retained and later retrievable. In an agent context, this can lead to inadvertent storage of sensitive prompts, credentials, personal data, or proprietary information, increasing privacy and data-governance risk.

VirusTotal

64/64 vendors flagged this skill as clean.
