Extract Memories

Security checks across malware telemetry and agentic risk

Overview

This is a coherent memory-saving skill, but it can automatically persist broad conversation details without a clear review or approval step.

Install only if you want automatic long-term memory extraction. Configure or use it so memories are reviewed before saving, and avoid storing secrets, account identifiers, private URLs, internal paths, or confidential project details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium (95% confidence)
Finding
The skill auto-triggers on common conversation-ending phrases like 'bye' or '再见', which can invoke persistence behavior without deliberate user intent. Because the triggered action reads recent session content and writes extracted material to memory files, overly broad matching can cause unintended collection and storage of user data.

Missing User Warnings

Medium (97% confidence)
Finding
The skill description states that it will write conversation-derived information into persistent memory files, but it does not clearly warn the user that their content may be stored across sessions. This creates a transparency and consent gap, especially when the stored data includes preferences, decisions, constraints, and external references.

Missing User Warnings

Medium (98% confidence)
Finding
Automatic extraction at conversation end or on heartbeat allows the skill to analyze and persist user messages without a fresh manual trigger or explicit notice at the time of capture. This increases the chance that users disclose sensitive information during normal conversation and have it stored unexpectedly.

Ssd 3

Medium (96% confidence)
Finding
The skill explicitly instructs persistent storage and indexing of conversation-derived memories across sessions, which may include sensitive user information. Persisting such data without strong minimization, consent, and review controls creates a real confidentiality and privacy risk if secrets, personal data, or sensitive project details are captured.

Ssd 3

Medium (97% confidence)
Finding
The workflow instructs the skill to scan the recent session for user decisions, preferences, project constraints, and external system pointers such as URLs, tools, accounts, and paths, then store them. This materially increases the risk of collecting confidential operational data or identifiers that could aid later compromise or privacy violations.

Ssd 3

Medium (98% confidence)
Finding
Automatic extraction on end-of-conversation phrases and heartbeat checks can capture user disclosures passively and persist them without contemporaneous consent. In context, this is more dangerous because the same skill has read access to session history and write access to durable memory files, making silent cross-session retention of sensitive content plausible.

VirusTotal

61/61 vendors flagged this skill as clean.
