memori-extension

Security checks across malware telemetry and agentic risk

Overview

This skill has real privacy implications, but its local memory storage and optional Zhipu AI sharing are disclosed and aligned with its memory-augmentation purpose.

Install only if you want persistent local memory and prompt augmentation. Start without ZHIPUAI_API_KEY for local-only use, avoid storing secrets in the memory database, keep the database and terms file in controlled paths, and enable Zhipu integration only if you accept that conversation content may leave your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill metadata declares required binaries, pip packages, and environment variables, but does not declare explicit permissions despite clearly describing local file reads/writes and environment-variable usage. This creates a transparency and policy-enforcement gap: operators may enable the skill without realizing it needs filesystem and env access, and any permission-based sandboxing may not be applied correctly.

Ssd 3

Medium
Confidence
95% confidence
Finding
This code concatenates full conversation messages and sends them to an external Zhipu API for analysis when configured, which can expose sensitive user content, credentials, or proprietary data to a third party. Although the code documents this behavior and requires an API key, the skill context is memory augmentation and interception of LLM traffic, which increases sensitivity because intercepted conversations may contain more data than users expect to be shared externally.

Context Leakage

High
Category
Data Exfiltration
Content
### External API Calls

⚠️ **Important**: If `ZHIPUAI_API_KEY` is set, this skill may send conversation text to Zhipu AI's servers for augmentation.

**To disable external API calls**:
- Simply don't set `ZHIPUAI_API_KEY`
Confidence
97% confidence
Finding
send conversation

VirusTotal

65/65 vendors flagged this skill as clean.
