Security audit

memory-m3e - Semantic Memory Plugin

Security checks across malware telemetry and agentic risk

Overview

This is a coherent semantic-memory plugin, but users should understand that saved memories and search queries go to the configured embedding service and are stored locally.

Install only if you want persistent semantic memory and trust the configured embedding provider. Use HTTPS or a local/self-hosted embedding endpoint, avoid storing secrets or regulated data, keep the SQLite database protected, and prefer deleting by exact memory ID rather than broad semantic queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly advertises automatic conversation capture and use of an external embedding API, but does not clearly warn users that conversation content may be transmitted to a third-party service and stored persistently in SQLite. In a memory plugin, this can expose sensitive prompts, personal data, or secrets without informed consent, especially because autoCapture and autoRecall are presented as normal defaults.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly states that memory content is embedded via an external API, which implies user-provided memory text may be transmitted off-device. Because the documentation does not warn users about privacy, data handling, or trust boundaries for that external service, operators may unknowingly send sensitive memories to a third party.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The documentation advertises persistent SQLite storage and deletion functions but does not warn users that memory data remains on local disk or that forget operations may permanently remove records. This can lead to unintended retention of sensitive data and accidental destructive actions without clear operator awareness.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill sends arbitrary memory text and recall queries to an external embedding service, which can expose sensitive user data outside the local agent environment. Because this plugin is a memory component, the transmitted content may include long-term personal, confidential, or security-relevant information, making undisclosed exfiltration especially risky.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The memory_forget tool performs irreversible deletion immediately, including query-based deletion that chooses the nearest semantic match and deletes it without confirmation. In an agent setting, ambiguous prompts, model mistakes, or prompt injection could cause unintended loss of stored memory and degrade integrity of the agent's long-term state.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The manifest exposes configuration for an external embedding API and enables automatic memory behaviors (`autoCapture`/`autoRecall`) without any indication of consent, disclosure, or limits on what data may be transmitted or retained. In a memory plugin, this creates a real privacy and data-governance risk because user content may be automatically sent to a third-party embedding service and stored/recalled in ways the user does not expect.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.