Back to skill

Security audit

PARA Second Brain

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it should be reviewed because it encourages long-term searchable storage of chats and personal details without strong privacy limits.

Install only if you want the agent to maintain persistent local memory. Before enabling transcript indexing or agent-written memory, decide what conversations and personal details are allowed, avoid storing secrets or sensitive personal information, and periodically review or delete MEMORY.md, daily logs, and any linked transcript archive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill encourages enabling session transcript indexing so past conversations become searchable, but it does not clearly warn that transcripts may contain secrets, personal data, credentials, or confidential work content. Making historic conversations searchable increases the chance of sensitive resurfacing, over-retention, and unintended disclosure across future sessions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The MEMORY.md template explicitly suggests storing personal details such as relationships, birthdays, anniversaries, communication preferences, and other enduring personal context without any minimization or consent guidance. This normalizes long-term retention of sensitive personal information and raises privacy and misuse risk if the workspace is accessed by others or later reused in unrelated contexts.

Ssd 3

Medium
Confidence
93% confidence
Finding
Indexing conversation transcripts as a core feature encourages bulk retention and resurfacing of user-generated content, including potentially sensitive details that were shared transiently. In a memory/search system, this increases privacy exposure and can cause old sensitive data to be retrieved in later contexts where it is no longer appropriate.

Ssd 3

Medium
Confidence
94% confidence
Finding
The long-term memory guidance encourages preserving extensive user-specific personal information across sessions, including preferences, relationships, milestones, and ongoing life details. That creates a durable profile of the user beyond what is necessary for many tasks and increases the harm from compromise, accidental exposure, or inappropriate future reuse.

Ssd 3

Medium
Confidence
91% confidence
Finding
The AGENTS.md instructions push the agent to write down anything with future value immediately and preserve continuity across restarts, which encourages over-collection of user input without a sensitivity filter. In practice, this can cause broad retention of private conversation details that users may have expected to remain ephemeral.

Ssd 3

Medium
Confidence
90% confidence
Finding
The memory flush protocol instructs the agent to persist as much active context as possible when the context window is high, including before responding. Under pressure, this biases toward indiscriminate dumping of recent conversation state into files, which can capture secrets, sensitive decisions, or unnecessary personal details with little filtering.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.