Back to skill

Security audit

Amarin Memory

Security checks across malware telemetry and agentic risk

Overview

This is a coherent persistent-memory skill, but users should treat it as long-term storage for personal context and configure embeddings carefully.

Install only if you want the agent to keep long-term memory across sessions. Do not store secrets, credentials, regulated data, or sensitive personal details unless you intentionally want them retained in ~/.amarin/agent.db. Keep OLLAMA_URL pointed at a trusted local or private embedding service if privacy matters, and periodically review, revise, or forget stored memories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The description understates meaningful behavior: the skill can revise, forget, list, and protect stored memories, and it depends on an embedding endpoint despite marketing itself as working without cloud services. This can mislead operators about data lifecycle and network/data-sharing behavior, causing them to enable a skill with broader persistence and possible outbound data exposure than expected.

Ssd 3

Medium
Confidence
94% confidence
Finding
The skill encourages storing user preferences, schedules, identity details, and other long-lived context across sessions without any minimization, consent, retention, or sensitive-data exclusion guidance. In practice, this can lead agents to persist personal or confidential information indefinitely in a local database and later reuse it outside the user's expectations.

Ssd 3

Medium
Confidence
90% confidence
Finding
Telling the agent to search past conversations before answering promotes broad resurfacing of historical user data, which can reveal stale, irrelevant, or sensitive context in later interactions. The risk is elevated here because the skill is specifically designed for persistent cross-session memory, making unintended reuse more likely.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.