Security audit

My Custom Skill

Security checks across malware telemetry and agentic risk

Overview

This skill openly creates a local markdown memory folder for long-term notes, with privacy considerations but no evidence of hidden execution, network transfer, credential use, or destructive behavior.

Install only if you want your agent to keep long-lived local notes under ~/memory. Review what gets saved, do not store secrets or sensitive personal, financial, health, or account data unless truly intentional, and periodically delete or prune old memory files.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (7)

Vague Triggers

Medium
Confidence: 86%
Finding
The skill's activation guidance is very broad ('User needs organized long-term storage beyond basic agent memory') and does not define clear boundaries, consent checkpoints, or exclusions for sensitive contexts. In an agent setting, vague invocation criteria can cause over-application of the skill and unnecessary persistence of user data, increasing privacy and data minimization risks.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instruction to 'Write immediately' directs the agent to persist user-provided information to ~/memory/ before responding, but does not require an explicit notice or confirmation that data will be stored on disk. This creates a real privacy risk because users may disclose sensitive information in conversation without understanding it will be retained indefinitely in a filesystem location.

Missing User Warnings

Medium
Confidence: 91%
Finding
The template explicitly encourages storing personal profiles, relationship context, communication preferences, and interaction history for named individuals, but provides no guidance on consent, data minimization, retention, access control, or handling sensitive personal data. In a memory skill whose purpose is long-term storage and organization, this omission increases the likelihood that users will persist unnecessary or regulated personal information in plaintext files.

Vague Triggers

Medium
Confidence: 86%
Finding
The setup text uses broad first-use activation language ('Read this on first use') without explicit trigger boundaries, which can cause the skill to activate in ambiguous contexts and steer the conversation into creating a persistent memory system without sufficiently specific user intent. In a skill that writes structured long-term data to disk, ambiguous activation increases the chance of unintended collection or persistence of personal information.

Missing User Warnings

High
Confidence: 97%
Finding
The skill instructs the agent to create ~/memory/ and store personal data locally, but it does not require a clear warning that files will be written to disk, may persist outside normal chat memory, and could be accessible to others or backups on the device. Because the content includes projects, people, decisions, and preferences, this can expose sensitive personal data through unintended retention or local compromise.

Ssd 3

Medium
Confidence: 95%
Finding
The instructions explicitly encourage syncing built-in memory into a parallel long-term storage system, including preferences, decisions, and contacts, without sensitivity screening or minimization limits. This creates a risk of duplicating personal or sensitive data into a broader persistence layer where it may be retained longer, organized for easier extraction, and stored outside the protections or expectations associated with built-in memory.

Ssd 3

Medium
Confidence: 96%
Finding
Prompting the user for 'something you'd like me to remember right now' and instructing the agent to store it immediately promotes indiscriminate capture of user-supplied information without classification, sensitivity checks, or confirmation. In the context of a persistent filesystem-based memory tool, this makes accidental storage of secrets, health data, financial information, or other sensitive details more likely.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.