Back to skill

Security audit

Triple Memory

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate memory skill, but it asks agents to silently and automatically store and reuse persistent user context across sessions.

Install only if you intentionally want automatic persistent memory. Before enabling it, disable or narrowly scope auto-capture for sensitive work, make memory use visible to affected users, keep API keys out of committed config files, and confirm you can inspect, edit, and delete stored memories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger phrases for memory capture are broad enough to match ordinary conversation, which can cause sensitive or incidental user data to be persistently stored without meaningful intent. In a memory skill, that context makes the issue more dangerous because the entire purpose is long-term retention across sessions, increasing privacy and over-collection risk.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill enables automatic capture and recall of user information without any user-facing disclosure at the point of collection. This is dangerous because users may unknowingly provide personal, confidential, or regulated information that is then persisted across sessions and surfaced later, creating privacy, compliance, and data-minimization risks.

Missing User Warnings

High
Confidence
99% confidence
Finding
The documentation explicitly instructs the agent to conceal memory operations from users, removing transparency around persistent storage. Hidden retention is especially risky in a memory-management skill because it prevents informed consent and makes it harder for users to detect, contest, or delete saved data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup instructs the agent to perform memory synchronization silently and enables automatic recall/capture, but provides no notice, consent flow, or scoping guidance for what data may be collected, transmitted, or persisted. In a memory skill, this is especially sensitive because routine agent interactions may include secrets, personal data, or proprietary workspace content that could be stored or sent to external services without the user's awareness.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The example configuration includes an API key field for embeddings without any accompanying warning about secure secret handling, storage, or rotation. While the placeholder itself is not a leak, omission of credential-safety guidance in setup docs increases the risk that users will hardcode real keys into tracked config files or otherwise expose them.

Ssd 3

Medium
Confidence
94% confidence
Finding
The skill promotes retaining user information across sessions without visibility or consent cues, which undermines user awareness and control over their data. While similar to the silent-storage findings, this specifically highlights the cross-session persistence risk that can amplify exposure of personal or sensitive context over time.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.