Back to skill

Security audit

Supermemory

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate long-term memory skill, but it stores and reuses agent conversation facts across sessions and may send ingested text to an external LLM without clearly documenting privacy and retention controls.

Install only if you intentionally want persistent agent memory. Before enabling automatic ingestion or the plugin, decide what conversations may be stored, avoid secrets or regulated data unless you have approval, keep the local API private, use a controlled LLM API key, and confirm how to inspect, delete, or separate memories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly states that fact extraction requires an external LLM API key and names Anthropic Haiku as the default, but it does not clearly warn users at the ingestion/integration points that conversation text may be transmitted off-device. Because this skill is designed to ingest agent responses, meeting notes, and cross-session memory, users may reasonably assume 'local-first' means their sensitive content stays local, creating a meaningful privacy and data-governance risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.