Memory Setup (Jack)

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only guide for enabling persistent memory search, with privacy-sensitive settings that users should review before enabling.

Install only if you want persistent memory search. Before enabling it, review whether past conversation transcripts should be indexed, avoid storing secrets or regulated data in memory files, and prefer the local provider for sensitive workspaces.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly enables indexing of past conversation transcripts ("sessions") and recommends external embedding providers such as Voyage or OpenAI, but it does not disclose that conversation content may be sent to third-party services for embedding or persisted in searchable form. This can cause unintentional exposure of sensitive personal, project, or credential-bearing historical data, especially because users are told to enable the feature and set API keys without any privacy warning or scoping guidance.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal