Back to skill

Security audit

Satori

Security checks across malware telemetry and agentic risk

Overview

Satori is a coherent memory skill, but it can quietly store and reuse sensitive conversation details through an external CLI without clear user consent controls.

Install only if you intentionally want an external Satori memory service to store and recall conversation facts across tools and sessions. Before using it, configure your agent to ask before saving or searching memory, avoid storing sensitive personal or business information unless explicitly intended, and verify how to inspect, delete, disable, and secure the Satori memory and CLI credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger conditions are broad enough to activate on common phrases like 'save', 'add', or ordinary requests for reminders, which can cause the skill to run in contexts where the user did not intend persistent cross-session storage or retrieval. In a memory skill, overbroad activation is especially dangerous because it can lead to unexpected collection, lookup, and reuse of sensitive project or personal information.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill explicitly enables silent persistence and retrieval of user context without a clear user-facing warning or disclosure. This undermines user expectations and consent, and can expose prior session data across providers and tools in ways the user may not realize are happening.

Ssd 3

Medium
Confidence
96% confidence
Finding
The workflow instructs the agent to search and silently incorporate retrieved facts into responses without announcing that external persistent memory was consulted. This creates a hidden-context channel where stale, sensitive, or cross-context information can influence outputs without transparency, making misuse, privacy violations, and context confusion more likely.

Ssd 3

Medium
Confidence
98% confidence
Finding
The save workflow broadly directs the agent to extract and persist decisions, preferences, names, deadlines, contacts, and strategic information, which materially increases retention of sensitive personal and business data. Because the skill is designed for long-term cross-tool continuity, this broad collection policy amplifies the consequences of overcollection, unauthorized reuse, and accidental disclosure.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.