Back to skill

Security audit

Memphis

Security checks across malware telemetry and agentic risk

Overview

Memphis is a coherent AI memory tool, but its docs ask users to trust broad memory, secret, network-sharing, background, and state-changing features without enough boundaries or safety controls.

Review before installing. Verify the actual Memphis CLI source before use, avoid storing real credentials until vault handling is understood, ingest only narrow non-sensitive folders, and keep daemon, self-loop, auto-repair, backup restore, learning, and share-sync/network features disabled unless you can confirm their scope and approve each action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README advertises multi-agent sharing and IPFS-based sync but does not warn users that these features may transmit stored memories, decisions, or other sensitive data beyond the local machine. Because the package is marketed as 'local-first' and privacy-oriented, users may reasonably assume data remains private unless explicitly told otherwise, increasing the risk of accidental disclosure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The example commands show `memphis share-sync` and `memphis share` without any caution that these operations could expose internal project knowledge or sensitive memory contents to other systems or peers. Users often copy-paste README commands, so presenting networked sharing examples without disclosure or safety context materially raises the chance of unintentional data leakage.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documents storing and retrieving secrets through a CLI vault but provides no safety guidance on secret handling, rotation, redaction, shell history exposure, or avoiding plaintext examples. In an agent context, this can normalize unsafe credential workflows and increase the chance that users or downstream agents expose secrets in logs, prompts, backups, or command history.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The multi-agent sync documentation encourages data sharing over a network and via IPFS-like mechanisms without warning that memories, decisions, or other chain contents may leave the local boundary. In a memory-centric agent package, this omission is risky because users may assume all data remains private while enabling features that transmit potentially sensitive content to peers or external systems.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The manifest description is highly promotional and extremely broad, advertising a 'complete AI brain' with many powerful capabilities but without defining clear activation scope, boundaries, or trigger constraints. In agent ecosystems, vague manifests can cause over-broad invocation, unsafe trust assumptions, and accidental exposure of sensitive capabilities such as memory access, vault usage, local model interaction, or multi-agent/network features.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.