Memory Manager

Security checks across malware telemetry and agentic risk

Overview

The skill has a coherent memory-management purpose, but it tells agents to run missing PowerShell scripts that could modify persistent memory files.

Review before installing. Do not let an agent run the referenced `pwsh -File scripts/...` commands unless the scripts are actually present in the installed skill, resolved to the skill package path, and reviewed. Manually approve repair, archive, and long-term memory changes, and take a snapshot before any operation that moves or rewrites memory files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The archive workflow explicitly instructs users to run a command that moves older daily notes out of the main memory folder, but the skill text does not clearly warn that this modifies workspace files or advise users to verify what will be moved first. In a memory-management skill, file-moving behavior is expected, but the lack of an explicit modification warning increases the chance of unintended data movement or confusion about where canonical notes went.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal