Back to skill

Security audit

LanceDB Hybrid Search Memory Plugin

Security checks across malware telemetry and agentic risk

Overview

This is a coherent long-term memory plugin, but users should understand that prompts and saved memories may be embedded, stored locally, and later recalled into context.

Install this only if you want it to replace the built-in LanceDB memory provider. Use a scoped embedding API key or a trusted local-compatible provider, review whether autoRecall and autoCapture should be enabled for your environment, and avoid storing secrets or regulated data unless your embedding provider and retention policy are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The auto-capture hook persists user message content and sends selected text to the embeddings provider automatically after conversations complete. Even though the code tries to limit capture to user messages and filter obvious prompt-injection content, it can still store personal or sensitive data and exfiltrate it to a third-party API without an explicit just-in-time consent or sensitivity gate.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The auto-recall path sends the current user prompt to the embeddings API in order to retrieve memories. This exposes potentially sensitive prompt contents to an external service during normal operation, and users may not realize each prompt is being transmitted for retrieval even when no new memory is stored.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The manifest advertises automatic capture of 'important information from conversations' but does not describe trigger conditions, exclusions, consent, or sensitivity boundaries. In a memory plugin, this can lead to over-collection of user content, including secrets or regulated data, without users clearly understanding when storage occurs.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The manifest exposes an auto-capture feature without warning users that conversation content may be persistently stored and potentially transmitted for embedding generation. This creates privacy and data-governance risk because users may enable the feature without understanding storage, retention, and third-party processing implications.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The auto-recall description says relevant memories will be automatically injected into context, but it does not warn that prior stored data may reappear in active prompts. This can surface sensitive historical content unexpectedly and expand the blast radius of previously captured data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.