Ontology

Security checks across malware telemetry and agentic risk

Overview

The skill appears to provide local shared memory, but its broad activation and persistent cross-skill storage need review before installation.

Install only if you want a persistent local memory layer shared across skills. Review what it stores under memory/ontology, avoid saving secrets or sensitive personal data, and prefer explicit user-directed write actions with a clear way to inspect and delete stored entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill explicitly instructs the agent to create directories and write to local workspace files (`memory/ontology/graph.jsonl`, `memory/ontology/schema.yaml`) but does not declare permissions. This creates a mismatch between the skill's documented behavior and its security contract, making file mutation harder to audit and increasing the chance of unintended or unauthorized persistence.

Vague Triggers

Medium
Confidence: 84%
Finding: The trigger conditions are very broad, including phrases like "remember," entity CRUD, shared state, and cross-skill data access. This can cause the skill to activate for many ordinary requests and silently persist or link user data into long-lived storage, especially because the skill is designed as shared memory across skills.

VirusTotal

67/67 vendors flagged this skill as clean.