episodic-memory-debugger

Security checks across malware telemetry and agentic risk

Overview

This skill is a local JavaScript diagnostic helper for memory-system data, with no evidence of hidden execution, network access, credential use, or persistence beyond in-process analysis.

Reasonable to install for local memory-system diagnostics. Only pass memory records you are comfortable analyzing, because reports can include IDs, timestamps, metadata, and issue details derived from those records. Note also that publisher provenance is limited.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding:
This is a mismatch because the code substantially exceeds the declared description. While the declared purpose accurately covers several major functions—recall precision analysis, multi-modal encoding validation, indexing efficiency checks, and irrelevant recall detection—the implementation also exposes additional analysis capabilities not mentioned in the description. These are not just minor implementation details; they are user-visible diagnostic features and exported functionality, especially MemoryDriftDetector and ranking/embedding analyses. There is no evidence of unrelated resource access or suspicious external behavior, and triggers/permissions are empty, but criterion (1) is met because the code performs additional capabilities not declared.

VirusTotal

66/66 vendors flagged this skill as clean.
