Smart Memory System

Security checks across malware telemetry and agentic risk

Overview

This is a coherent memory skill, but it should be reviewed because it persists and automatically reuses user history while under-explaining privacy, deletion, and external-model data flow.

Review before installing. Treat this as a persistent memory system: avoid indexing broad private folders or sensitive documents until you understand what is stored, when it is reinjected into prompts, and whether provider APIs receive the content. Prefer disabling auto-enhance, using narrow memory sources, and confirming backup/deletion behavior before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 91%
Finding
The README promotes automatic retrieval and injection of user history into conversations without describing consent, retention, access controls, or handling of sensitive data. In a memory system, this can lead to unintended disclosure of private cross-session information or over-collection of user data, especially if shared devices, team contexts, or prompt injection scenarios are involved.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation enables automatic context enhancement but does not warn that prior conversation memory may be injected into future prompts or responses. In a memory skill, this can cause unintended disclosure of sensitive prior content across tasks, sessions, or users if isolation is weak or users do not understand the feature.

Missing User Warnings

High
Confidence: 96%
Finding
The skill instructs users to configure external Edgefn-hosted embedding and reranker models, but does not warn that user queries and stored memory chunks may be transmitted to third-party APIs for processing. Because this skill is specifically designed to handle persistent memory and semantic retrieval, the omitted disclosure materially increases privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 87%
Finding
The feature list advertises expired-memory cleanup without warning that cleanup or expiry may permanently delete cached or stored memory data. For a persistence-oriented memory system, undocumented deletion behavior can lead to unexpected loss of user data and undermine safe operation or backup practices.

Known Vulnerable Dependency: lodash==4.17.21 — 3 advisory(ies): CVE-2026-2950 (lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and ); CVE-2026-4800 (lodash vulnerable to Code Injection via `_.template` imports key names); CVE-2025-13465 (Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions)

High
Category: Supply Chain
Confidence: 96%
Finding
lodash==4.17.21

VirusTotal

64/64 vendors flagged this skill as clean.
