Back to skill

Security audit

Focalpoint Memory

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it should be reviewed because it enables broad persistent project memory and automatic logging across conversations without clear opt-in, retention, or deletion controls.

Install only if you intentionally want a persistent local memory and task-tracking system. Before using it, verify the focalpoint package source/version, locate its SQLite database and log files, decide what projects are safe to store, avoid secrets or regulated personal data, and review GitHub/Notion sync permissions before enabling any external-account integration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The invocation guidance uses natural-language examples like "Work on the payment system task" without defining strict trigger conditions, which can cause the agent to invoke memory and workflow tools too broadly. In a skill centered on persistent project memory, ambiguous activation increases the chance of storing, retrieving, or acting on unrelated user content without clear consent or scope boundaries.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill promotes persistent SQLite-based storage of project context, logs, and knowledge, but the user-facing setup and usage text does not clearly warn that conversation-derived data may be retained across sessions. This creates a consent and privacy risk because users may disclose sensitive project, business, or personal information assuming normal conversational ephemerality.

Ssd 3

Medium
Confidence
98% confidence
Finding
The "Automatic Memory Rules" instruct the agent to persistently log user decisions and end-of-conversation takeaways in every conversation, creating systematic retention of free-form natural-language content. Because these summaries can include sensitive facts, credentials, confidential plans, or regulated data, they materially increase long-term leakage and over-collection risk even if storage is local.

Ssd 3

Medium
Confidence
86% confidence
Finding
The feature description and examples encourage broad retention and later recall of project discussions and decisions as a core value proposition. In context, this makes the static-analysis concern more serious because the skill is explicitly designed to accumulate cross-session memory, so any sensitive statements made in ordinary conversation are likely to be preserved and resurfaced later.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.