Working Memory Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local working-memory skill, but it will create persistent memory files and can patch agent instruction files.

Install only if you want project-local long-term memory. Run the migration with --dry-run first, review the resulting AGENT.md or AGENTS.md diff, pass --skip-agent-patch if you do not want standing agent instructions changed, and avoid storing secrets, credentials, or sensitive personal details in memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill clearly instructs users to run scaffold and migration workflows that read and write project files, including creating files, rebuilding indexes, and patching AGENT.md, yet no explicit permissions are declared. That mismatch can cause users or orchestrators to invoke a file-modifying skill without adequate consent, sandboxing, or policy checks, increasing the chance of unintended filesystem changes.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The manifest uses broad trigger phrases such as 'working memory', 'session memory', and 'make my agent remember', which can match many ordinary conversational requests unrelated to filesystem-backed memory scaffolding. Over-broad activation is dangerous here because this skill performs migration and file modifications, so an accidental trigger could lead an agent to propose or initiate invasive changes in the wrong repository or context.
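As an added illustration (not part of the scan output or the skill's own code), the check below measures how broad the quoted trigger phrases are. It runs the phrases against a small constructed set of prompts, each labelled with whether the user actually wants filesystem-backed memory scaffolding, and reports which triggers would fire on prompts that do not. The prompt set and the plain substring activation model are assumptions made for the example.

```python
import re
from typing import Dict, List, Tuple

# Trigger phrases quoted in the finding above.
BROAD_TRIGGERS = ["working memory", "session memory", "make my agent remember"]

# Constructed evaluation set (not from the page): each prompt is labelled with
# whether the user really wants filesystem-backed memory scaffolding.
LABELLED_PROMPTS: List[Tuple[str, bool]] = [
    ("Explain how working memory differs from long-term memory in psychology.", False),
    ("Summarize this paper on session memory in recommender systems.", False),
    ("My laptop's working memory is 8 GB; is that enough for Docker?", False),
    ("Write a unit test for the parser in src/parse.py.", False),
    ("Make my agent remember the deploy checklist for this repo across sessions.", True),
    ("Set up session memory files in this project so context survives restarts.", True),
]


def _norm(text: str) -> str:
    """Lower-case and collapse whitespace so phrase matching is not fooled by formatting."""
    return re.sub(r"\s+", " ", text.lower()).strip()


def fires(trigger: str, prompt: str) -> bool:
    """Plain phrase containment: the activation model the finding is worried about."""
    return _norm(trigger) in _norm(prompt)


def evaluate(triggers: List[str], prompts: List[Tuple[str, bool]]) -> Dict[str, Tuple[int, int]]:
    """Per trigger: (activations on prompts that want the skill, activations on prompts that do not)."""
    report: Dict[str, Tuple[int, int]] = {}
    for t in triggers:
        true_hits = sum(1 for p, wants in prompts if wants and fires(t, p))
        false_hits = sum(1 for p, wants in prompts if not wants and fires(t, p))
        report[t] = (true_hits, false_hits)
    return report


def overly_broad(triggers: List[str], prompts: List[Tuple[str, bool]]) -> List[str]:
    """Triggers that would activate a file-modifying skill on at least one unrelated prompt."""
    return [t for t, (_, false_hits) in evaluate(triggers, prompts).items() if false_hits > 0]


if __name__ == "__main__":
    for t, (ok, bad) in evaluate(BROAD_TRIGGERS, LABELLED_PROMPTS).items():
        print(f"{t!r}: {ok} intended activation(s), {bad} accidental activation(s)")
    print("overly broad:", overly_broad(BROAD_TRIGGERS, LABELLED_PROMPTS))
```

On this sample, "working memory" and "session memory" both fire on prompts about psychology, recommender systems and laptop RAM, while never firing on the prompt that does want the skill in the first case; that is the mismatch the finding describes, and the same harness can be rerun after the manifest's triggers are tightened.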

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The migration section states that it patches AGENT.md, restructures MEMORY.md, creates backups, and rebuilds indexes, but these side effects are not surfaced as a prominent upfront warning in the skill description. Because AGENT.md often influences agent behavior and MEMORY.md may contain curated project state, underemphasized modification risk can mislead users into approving a migration without understanding that core control and memory files will be rewritten.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow instructs the agent to write or append multiple memory files at session end, but it does not require explicit user consent, notification, or an opt-in policy before persisting potentially sensitive conversation data. In a memory-management skill, silent persistence is especially risky because users may disclose personal, confidential, or regulated information without realizing it will be stored long term and propagated across files.
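The overview's advice to keep secrets, credentials and personal details out of memory files, and this finding about silent persistence, both call for a gate before anything is written at session end. The following scanner is an added example, not the skill's own code: it runs a few credential and personal-data patterns over a constructed MEMORY.md-style buffer and refuses persistence when any line matches. The sample text, the pattern set and the masking rule are assumptions made for the example; the AWS key shown is the well-known documentation placeholder.

```python
import re
from typing import List, Tuple

# Constructed sample of what a session-end memory write might contain (not from
# the page): ordinary project notes mixed with material that must not be persisted.
SAMPLE_MEMORY_MD = """\
# Session handoff 2024-05-01
- Refactored the index rebuild; tests green.
- Staging creds: AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
- Deploy token: ghp_1234567890abcdefghijklmnopqrstuvwxyzAB
- Ping jane.doe@example.com if the migration fails.
-----BEGIN RSA PRIVATE KEY-----
- Next step: document the --dry-run flag in the README.
"""

# Illustrative patterns; extend them with the credential formats your project uses.
PATTERNS: List[Tuple[str, re.Pattern]] = [
    ("aws_access_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")),
    ("private_key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("assignment_secret", re.compile(r"\b(password|passwd|secret|token|api[_-]?key)\s*[=:]\s*\S+", re.IGNORECASE)),
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
]


def mask(value: str, keep: int = 4) -> str:
    """Keep a short prefix so a finding is recognisable without re-leaking the secret."""
    return value[:keep] + "*" * max(0, len(value) - keep)


def scan_memory_text(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, kind, masked_match) for everything that should not be persisted."""
    findings: List[Tuple[int, str, str]] = []
    for no, line in enumerate(text.splitlines(), start=1):
        for kind, pat in PATTERNS:
            for m in pat.finditer(line):
                findings.append((no, kind, mask(m.group(0))))
    return findings


def safe_to_persist(text: str) -> bool:
    """Gate for the session-end write: persist only when the scan comes back empty."""
    return not scan_memory_text(text)


if __name__ == "__main__":
    for no, kind, masked in scan_memory_text(SAMPLE_MEMORY_MD):
        print(f"line {no}: {kind}: {masked}")
    print("safe to persist:", safe_to_persist(SAMPLE_MEMORY_MD))
```

A scan like this does not replace explicit user consent for storing conversation content, which is the finding's main point, but it does stop the most damaging class of accidental persistence and gives the user a concrete list to review before approving the write.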

Ssd 3

Medium
Confidence
97% confidence
Finding
The script injects natural-language instructions into AGENT.md that direct the agent to record, retain, and reuse personal context across sessions, including handoff notes, ongoing personal project details, and dated events. Because these instructions become part of the agent's operating policy, they can normalize persistent storage of sensitive user data and increase privacy, consent, and cross-session data leakage risk—especially when paired with claims that some files are 'safe anywhere.'
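The overview recommends reviewing the AGENT.md or AGENTS.md diff before letting the migration patch it, and this finding explains why: added lines become standing agent policy. The snippet below is an added example (not the skill's migration script) that diffs a constructed before/after pair of AGENT.md contents and flags added lines that read as directives to record, retain or reuse user context across sessions, so the patch can be held for explicit approval. The sample files and the marker phrases are assumptions made for the example.

```python
import difflib
import re
from typing import List, Tuple

# Constructed before/after AGENT.md contents (not the skill's real patch).
AGENT_MD_BEFORE = """\
# Agent instructions
- Run the test suite before proposing a commit.
- Keep answers short.
"""

AGENT_MD_AFTER = """\
# Agent instructions
- Run the test suite before proposing a commit.
- Keep answers short.
- At the end of every session, record handoff notes and personal project details in MEMORY.md.
- Retain dated events and reuse them in later sessions.
"""

# A verb that persists or reuses context, followed somewhere on the line by a
# noun that points at session or personal data. Assumed marker set for the example.
RETENTION_MARKERS = re.compile(
    r"\b(record|retain|remember|persist|store|reuse)\b.*"
    r"\b(sessions?|handoff|personal|memory|MEMORY\.md)\b",
    re.IGNORECASE,
)


def added_lines(before: str, after: str) -> List[str]:
    """Lines the patch would add, taken from a zero-context unified diff."""
    diff = difflib.unified_diff(before.splitlines(), after.splitlines(), lineterm="", n=0)
    return [line[1:] for line in diff if line.startswith("+") and not line.startswith("+++")]


def review_agent_patch(before: str, after: str) -> List[Tuple[str, bool]]:
    """Each added line paired with whether it reads as a data-retention directive."""
    return [(line, bool(RETENTION_MARKERS.search(line))) for line in added_lines(before, after)]


def needs_consent(before: str, after: str) -> bool:
    """True when at least one added line would change what the agent keeps about the user."""
    return any(flag for _, flag in review_agent_patch(before, after))


if __name__ == "__main__":
    for line, flagged in review_agent_patch(AGENT_MD_BEFORE, AGENT_MD_AFTER):
        print(("FLAG " if flagged else "ok   ") + line)
    print("hold patch for approval:", needs_consent(AGENT_MD_BEFORE, AGENT_MD_AFTER))
```

Run it against the files a --dry-run produces and only apply the patch when the flagged lines have been read and accepted; an unflagged diff still deserves a look, since the markers only catch the retention directives this finding describes.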

VirusTotal

66/66 vendors flagged this skill as clean.
