Security audit

MemCoT memory CLI

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent memory-search purpose, but it gives an agent sensitive history access and tells it to silently start a background service and follow retrieved prompt instructions.

Install only if you are comfortable cloning and running the external MemCoT code and letting it access local conversation history. Before using it, confirm which history paths are indexed, avoid treating retrieved text as instructions, and require explicit confirmation before starting or leaving the daemon running.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding: The skill's stated purpose is to drive the MemCoT CLI for retrieval, but these instructions expand its behavior into modifying configuration and local path settings. That broadens the skill's authority and can lead the agent to change local environment state or point services at unintended endpoints without clear user consent.

Missing User Warnings

Medium
Confidence: 94%
Finding: The workflow explicitly tells the agent to silently start a background daemon if it is not already running. Starting a persistent background service without informing the user or obtaining consent can create unexpected local state changes, consume resources, and access sensitive conversation history without transparent notice.

Missing User Warnings

Medium
Confidence: 88%
Finding: The skill is designed to search historical conversation records and answer from retrieved memory, but it does not instruct the agent to warn users that prior conversations will be queried. This creates a privacy and consent issue because users may not realize that sensitive history is being searched and surfaced.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.