Dream Rem

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local memory-maintenance skill, but users should understand it can rewrite or delete memory files when run manually or by cron.

Install only if you want automated local memory cleanup. Before enabling the cron job, keep MEMORY.md, topics/, and memory/ under version control or backups, and periodically review the files because the skill may delete entries it judges outdated or incorrect.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs the agent to delete outdated content and remove conflicting versions, but it does not provide a prominent user-facing warning that running it can permanently modify or delete memory files. This creates a real risk of unintended data loss, especially because consolidation decisions are based on the agent's interpretation of 'outdated' or 'incorrect' content.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The installation instructions configure an unattended cron job that can automatically rewrite and delete files, yet there is no explicit warning that these destructive actions may occur without active user review. In this context, automatic execution materially increases risk because mistakes in summarization, contradiction resolution, or file selection can silently propagate and remove data on a schedule.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal