Semantic Memory

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate memory-search skill, but its default database setup can expose saved notes on the network if the user imports private content.

Review the memory folder before import, bind ChromaDB to 127.0.0.1 unless you have authentication and firewalling in place, and avoid pointing CHROMA_HOST at an untrusted remote server. Keep the TF-IDF cache directory private because the search script reads pickle cache files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The script initializes a ChromaDB HTTP client and then recursively reads and uploads all .md files from a directory to that server, potentially transmitting sensitive memory or workspace content off-host without an explicit warning, confirmation, or trust boundary check. In the context of a long-term memory skill, the imported files may contain highly sensitive agent notes, prompts, credentials, or user data, which makes silent bulk transfer materially risky even if the default host is localhost.

VirusTotal

66/66 vendors flagged this skill as clean.