CortexDB Agent Memory

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local memory helper for CortexDB, but users should be intentional about what they allow it to save across sessions.

Install only if you want an agent to keep local long-term memory. Avoid storing secrets or sensitive personal data, use a real sidecar token, keep the gRPC endpoint local unless you add transport security, and make sure you know how to inspect or delete the CortexDB database file.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger description is broad and includes generic phrases such as memory, long-term memory, RAG, and "remember this," which can cause the skill to activate for ordinary conversations not clearly requesting persistent storage. In this context, over-triggering is more dangerous because the skill is specifically designed to save durable user facts across sessions, creating privacy and consent risks if invoked too eagerly.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill repeatedly promotes storing durable user facts and preferences across turns or sessions, but it does not provide an explicit privacy notice, consent requirement, retention policy, or warning that data will persist locally in `agent.db`. In a memory skill, this context makes the issue more serious because users may reveal sensitive personal information without understanding that it will be retained and later queried.

VirusTotal

64/64 vendors flagged this skill as clean.
