多用户隔离型长期记忆 Multi-user Long Term Memory

Security checks across malware telemetry and agentic risk

Overview

This skill is a local per-user memory helper with expected persistence, but users should treat the saved memory files as private data.

Install only if you are comfortable with the agent keeping long-term per-user Markdown memory files on disk. Avoid storing secrets, credentials, regulated personal data, or information users have not agreed to retain, and periodically review or delete files in the users directory according to your retention needs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly documents persistent per-user memory storage across sessions, but provides no user-facing notice, consent flow, retention policy, or limits on what personal data may be stored. In a multi-user context, silent cross-session persistence increases privacy risk and can lead to unintended collection, reuse, or exposure of sensitive user information.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal