Memoria Persistente

Security checks across malware telemetry and agentic risk

Overview

This is a small Portuguese memory skill that openly tells the agent to keep local memories across sessions.

Install this only if you want an agent to keep durable local memories in Portuguese. Avoid saving secrets, credentials, regulated data, or sensitive personal details, and periodically review or delete the .memory files because stored memories can affect future agent behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly promotes persistent storage of user memories, daily logs, and long-term knowledge across sessions, but it provides no privacy notice, consent model, retention limits, or guidance on handling sensitive data. In an agent setting, this can lead to unbounded collection and retention of personal or confidential information, increasing the risk of privacy violations, accidental disclosure, and unsafe data reuse.

Natural-Language Policy Violations

Medium

Confidence: 78% confidence
Finding: Mandating Portuguese-only behavior without user choice can create usability and consent issues, especially if users expect responses or stored content in another language. In a memory skill, language lock-in may also cause incorrect storage, retrieval errors, or misunderstanding of what is being persisted, though this is primarily a product safety issue rather than a direct security flaw.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal