Memory Network

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable skill description for a sensitive memory-sharing concept, so it is not blocked but should be used only with clear privacy controls.

Before installing or using an implementation based on this skill, confirm what conversation histories are imported, where memories are stored, who can see them, which clusters are matchable by default, and how deletion or opt-out works. Do not connect external AI conversation data unless you intentionally want those memories used for social matching.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly describes cross-platform aggregation of memories and emotion-aware matching, which implies processing highly sensitive personal and behavioral data, but it provides no concrete privacy warnings, consent model, retention limits, or safeguards. In this context, the omission is security-relevant because users may underestimate the sensitivity of imported conversation histories and emotional inferences, increasing the risk of overcollection, inappropriate sharing, or unsafe deployment.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal