Back to skill

Security audit

Memory Pruner

Security checks across malware telemetry and agentic risk

Overview

The skill has a legitimate memory-cleanup purpose, but it would affect persistent agent memory through a shell entry that is not included in the package.

Review before installing. Use this only if you are comfortable with a tool modifying agent memory, and do not run real pruning unless the missing memory-pruner executable is supplied from a trusted source. Start with dry-run, require confirmation, keep backups, and limit it to the intended memory directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Low
Confidence
84% confidence
Finding
The description is generic marketing language and does not clearly define the precise conditions under which the skill should be invoked. In an agent ecosystem, overly broad invocation cues can cause the skill to run in unintended contexts, which is risky here because the skill claims authority over 'memory management' and could influence retention or deletion of agent memory more broadly than the user intended.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.