MemWeaver

Security checks across malware telemetry and agentic risk

Overview

MemWeaver is a disclosed local memory-profiler that handles sensitive personal memory data, but its behavior matches its stated purpose and shows no evidence of exfiltration or hidden execution.

Install only if you are comfortable letting your agent analyze CodeBuddy memory and recent logs for personal and work-pattern inferences. Use a narrow day range, review the generated YAML before sharing or relying on it, and delete saved profiles or backups if they contain sensitive information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability
Medium (92% confidence)

The script accepts --profile as an arbitrary filesystem path and reads that file's contents into the JSON output, even though the tool's stated purpose is collecting workspace memory data. In an agent context, this expands data access beyond .codebuddy memory files and can exfiltrate unrelated sensitive local files if a caller supplies a crafted path.

Vague Triggers
Medium (86% confidence)

The README advertises very broad natural-language triggers such as "Analyze my profile" and "What kind of person am I based on my memory?" that could match ordinary user requests and cause the skill to activate unexpectedly. In the context of a skill that reads memory files and generates sensitive personal profiles, accidental invocation increases the chance of unnecessary access to private data and profiling without clear, contextual consent.

Missing User Warnings
Medium (93% confidence)

The README prominently promotes mining memory files for hidden traits and generating a structured user profile, but it does not present an upfront privacy warning commensurate with the sensitivity of the operation. Because the skill infers psychological or behavioral attributes from logs and memory, users may not appreciate the extent of sensitive processing, creating elevated privacy and consent risks even if data stays local.

Missing User Warnings
Medium (94% confidence)

The skill directs the agent to read memory files, infer hidden traits, and generate a structured personal profile without any privacy notice, consent prompt, minimization guidance, or warning about sensitive data handling. Because the source material is inherently personal and longitudinal, omission of these safeguards can lead to covert profiling and processing of highly sensitive behavioral information beyond user expectations.

Missing User Warnings
Medium (95% confidence)

The output section instructs saving a detailed YAML profile and mentions analysis cache storage, but gives no warning that these files may contain sensitive personal history, inferred traits, priorities, and disclosures from questionnaire responses. Persisting this material without explicit notice or retention controls increases the risk of future unauthorized access, re-identification, or secondary use.

Natural-Language Policy Violations
Low (90% confidence)

The configuration explicitly includes extraction of the user's language as part of a persistent profile dimension, but there is no indication of user consent, opt-in, or purpose limitation. In the context of a memory-profiling skill that also mines hidden patterns and inferred traits, storing language preferences can contribute to broader behavioral profiling without the user's clear awareness.

Missing User Warnings
Medium (95% confidence)

The script serializes long-term memory, daily logs, and any existing profile directly to stdout as JSON, which can expose highly sensitive personal or workspace information to downstream tools, logs, or calling agents. In this skill's context, the entire purpose is profiling from memory, so the data is especially privacy-sensitive, and the absence of an explicit warning, minimization, or redaction makes accidental disclosure more dangerous.

Ssd 3
High (97% confidence)

The core purpose of the skill is to mine broad memory content for hidden traits, contradictions, emotional triggers, and unlabeled skills, then assemble a structured user profile. This is dangerous because it systematizes surveillance-like processing of a user's historical interactions and converts raw memories into durable, high-value inferred personal data that can be more sensitive than the original notes.

Ssd 3
High (96% confidence)

The workflow explicitly instructs parsing long-term memory and recent logs, enabling broad aggregation of private user history across time rather than using a narrow, task-specific context. In this context, systematic collection increases both privacy risk and potential misuse because it creates a consolidated behavioral dataset that can expose routines, priorities, and personal patterns far beyond what is needed for a single interaction.

Ssd 3
Medium (90% confidence)

Recording questionnaire answers internally as profile evidence creates additional retention of sensitive disclosures and links them to inferred traits, making the resulting profile more invasive and durable. Even if answers are volunteered, storing them as evidence without clear retention limits or deletion controls creates unnecessary privacy exposure and increases harm if the profile is later accessed or repurposed.

VirusTotal

61/61 vendors flagged this skill as clean.