记忆整理 (Memory Curator)

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only memory maintenance workflow whose persistent edits are disclosed and aligned with its purpose, though users should review deletions before applying them.

Install this only if you want an agent to help maintain persistent memory. Before allowing deletions or MEMORY.md rewrites, ask for a proposed change report or backup, especially for user feedback, project history, or other memory that would be hard to reconstruct.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs the agent to delete memory entries and update MEMORY.md, but it does not require explicit user confirmation, preview of changes, or any safeguard before destructive modifications to user-managed data. In an agent setting, this can lead to unintended loss of important memories or silent alteration of persistent state, especially because the workflow presents deletion as a normal maintenance step.

VirusTotal

No VirusTotal findings

View on VirusTotal