Memory Palace

Security checks across malware telemetry and agentic risk

Overview

This memory skill is coherent, but it can automatically save user and project details into long-term files without clear opt-in or deletion controls.

Install only if you want an agent to maintain long-term memory about you and your projects. Require explicit confirmation before saving any memory, avoid storing secrets or sensitive personal data, and keep a way to inspect, edit, delete, or disable saved memories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 92%
Finding: The trigger phrases listed for this skill are extremely broad (e.g., general assistant/task-execution contexts), making accidental invocation likely during normal use. This increases the chance the skill activates without clear user intent and then applies its memory and archival behaviors to unrelated conversations.

Missing User Warnings

High
Confidence: 97%
Finding: The skill explicitly says user preferences, habits, and project information should be written to files for long-term storage, but it does not require informed consent, disclosure of persistence, retention limits, or data handling safeguards. This creates a meaningful privacy and data-governance risk, especially if sensitive personal or project information is stored automatically.

Ssd 3

Medium
Confidence: 95%
Finding: The skill directs the agent to proactively retain and archive user preferences, habits, and project details across sessions, which materially expands data collection beyond the immediate interaction. In this context, the skill is more dangerous because it is specifically designed as a memory system, so over-collection and cross-session persistence are core behaviors rather than incidental side effects.

Ssd 3

Medium
Confidence: 96%
Finding: The memory-write protocol instructs the agent to autonomously judge whether information is 'important,' store it, and then tell the user it has been archived. Allowing the agent to make that determination without prior approval can lead to unauthorized retention of sensitive data, inaccurate memory formation, and persistent storage of information the user did not expect to be saved.

VirusTotal

66/66 vendors flagged this skill as clean.