Enhanced Memory

Security checks across malware telemetry and agentic risk

Overview

This skill is a local memory organizer with disclosed long-term storage and archival behavior, but users should treat it as a persistent store for personal notes and use backups.

Install only if you want an agent to keep long-lived local memory. Avoid storing secrets or highly sensitive personal information, review the memory directory periodically, keep backups before running the lifecycle manager, and pass search queries as safe command arguments rather than building shell commands by raw string concatenation.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill instructs the agent to read and write across a persistent memory hierarchy, but it does not declare those capabilities explicitly. Undeclared file access makes the operational trust boundary unclear for users and platforms, and in a memory skill this can expose or alter sensitive long-lived notes without informed consent. The context increases concern because the stored data includes personal, relationship, and system information.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: The skill promises 'never delete' archival behavior, but the described underlying behavior removes original active files after copying them to the archive. That mismatch is dangerous because operators may rely on preservation guarantees for personal memory data, while actual behavior can cause silent data loss, broken references, or integrity issues across the memory system. In a long-lived memory skill, misleading retention semantics materially increase risk.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill encourages durable storage of highly personal data such as relationship notes, food logs, pets, mood, and system context, but provides no privacy warning, retention warning, or handling guidance. This omission can lead users to store sensitive information indefinitely without understanding the confidentiality, minimization, and access-control implications. The memory-focused context makes this more dangerous because the feature is explicitly designed for long-lived accumulation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal