Security audit

Three Tier Memory V2

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local memory-management skill, but it can retain conversation content over time and users should treat that stored memory as sensitive.

Install only if you want local persistent agent memory. Set WORKSPACE_DIR explicitly, avoid storing secrets or sensitive personal data, periodically inspect and delete the memory directory as needed, and treat retrieved memories as context rather than trusted instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation describes filesystem and environment-dependent operations such as persistent memory files, summaries, and vector-store usage, but it does not declare corresponding permissions. In an agent ecosystem, missing permission declarations can bypass user/operator expectations and reduce enforcement or review of file and environment access, especially for a component designed to persist conversation data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is explicitly built to retain short-, medium-, and long-term conversation memory, including automatic persistence and retrieval, yet it provides no warning about retention, privacy, or sensitive data handling. This is dangerous because users may unknowingly disclose personal, confidential, or regulated information that gets stored locally or embedded into a vector database for later retrieval.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The configuration and architecture sections document automatic summarization and long-term vector storage, including model-based processing and permanent semantic retrieval, without warning that user conversations may be transmitted to a model and stored for future use. In the context of a memory-management skill, this increases the chance of silent retention, secondary use of sensitive content, and privacy violations across sessions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation explicitly demonstrates storing personal and preference data such as a user's name and likes in medium- and long-term memory without any warning, consent guidance, retention policy, or data minimization notes. In a memory-management skill whose purpose is persistence, this increases the likelihood that integrators will save sensitive personal data indefinitely or inappropriately, creating privacy and compliance risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The integration example passes raw user_message and user_query into a persistence/search workflow and captures results, but the documentation does not warn that these operations may write user data to disk/vector storage or expose prior stored content. This omission is risky because developers may integrate it into user-facing agents without notice, consent, or safeguards around memory persistence and retrieval side effects.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
After generating a summary, the code unconditionally clears all short-term memory without explicit confirmation, warning, backup, or a configuration guard. In a memory-management skill, this can silently destroy recent context and user data, which is especially risky because the summary is lossy and may omit important details.

VirusTotal

66/66 vendors flagged this skill as clean.