
Security audit

LearnLoop

Security checks across malware telemetry and agentic risk

Overview

LearnLoop is a clearly disclosed local memory skill, but users should understand that it can persist preferences, corrections, and project context into future sessions.

Install this only if you want Claude to keep local project memories across sessions. Do not let it save secrets, credentials, regulated data, sensitive personal details, or confidential business context unless you intentionally want those retained. Periodically review, edit, or delete entries in the Claude Code memory directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium (85% confidence)

Finding:
The activation guidance is broad enough that the skill may trigger on many ordinary conversational events, causing memory capture in situations where the user did not clearly intend persistence. In a skill whose primary function is writing to future-session memory, over-invocation increases the risk of storing sensitive, incorrect, or context-specific information that will later influence behavior.

Missing User Warnings

Medium (95% confidence)

Finding:
The README explicitly promotes persistent writes into Claude Code's native auto-memory, but does not clearly warn users that this modifies future-session behavior and may retain sensitive or stale information. Because this storage is auto-injected into later sessions, omitted consent and disclosure materially increase the risk of privacy leakage, prompt poisoning persistence, and hard-to-notice long-term behavioral manipulation.

Vague Triggers

Medium (94% confidence)

Finding:
The trigger phrase 'If you'd otherwise say "I'll keep that in mind for next time" — that's the trigger' is extremely broad and overlaps with ordinary conversation, encouraging the agent to persist information without a clear, narrow threshold or explicit user consent. In a memory-writing skill, broad natural-language activation increases the chance that sensitive preferences, corrections, or contextual details are stored automatically and reused across sessions.

Missing User Warnings

Medium (95% confidence)

Finding:
The skill explains that memory is auto-injected in future sessions but does not prominently and explicitly warn users that corrections, preferences, roles, and other details will be written to persistent local files. This creates a transparency and consent problem: users may reveal information in normal conversation without realizing it is being retained beyond the current session.

Ssd 3

Medium (96% confidence)

Finding:
The skill is explicitly designed to persist user corrections, preferences, and session-derived information into auto-loaded memory across future sessions. That behavior creates a cross-session data retention channel that can capture personal, sensitive, or contextually confidential information without sufficient minimization or consent safeguards.

Ssd 3

Medium (97% confidence)

Finding:
This section instructs the agent to save user role, expertise, preferences, project constraints, and references to external systems such as Linear, Grafana, or Slack into persistent memory. Those categories can expose organizational context, identity, work patterns, and internal system names, making the skill more dangerous because it normalizes storing potentially sensitive operational metadata for automatic future reuse.

Ssd 3

Medium (95% confidence)

Finding:
The guidance at this line uses broad natural-language reasoning to justify saving nearly anything that seems useful for 'next time,' which weakens any meaningful boundary on what gets persisted. In context, that makes the skill more dangerous because it is specifically connected to an auto-loaded memory system, so over-collection directly translates into durable cross-session exposure.

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.