中文 PKM 记忆系统

Security checks across malware telemetry and agentic risk

Overview

This is a local personal-memory instruction skill that stores and searches user-provided notes through localhost services, with no executable installer or hidden code found.

Install only if you understand and trust the local PKM API and Qdrant services it will contact. Avoid saving secrets, credentials, regulated data, or sensitive personal information unless you know where it is stored and how to review or delete it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger word "记忆" is overly broad for a skill that performs persistence and retrieval actions. In normal conversation, users may mention memory casually and unintentionally activate storage behavior, causing unintended collection or persistence of sensitive content.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill documents API calls that send user text to local services for ingestion, retrieval, and vector database operations, but it does not warn users that their content may be transmitted and stored persistently. For a memory system, this omission is especially risky because conversations may contain secrets, personal data, or confidential work information that users would not expect to be retained.

VirusTotal

63/63 vendors flagged this skill as clean.
