Back to skill

Security audit

Cognition Evolution

Security checks across malware telemetry and agentic risk

Overview

This memory skill appears intended to summarize conversations, but it may automatically store conversation-derived content in long-term memory without clear user consent or controls.

Install only if you intentionally want conversation reviews to be saved into long-term memory. Avoid using it around sensitive personal, business, legal, medical, or credential-bearing chats unless you can preview, edit, delete, and disable stored memories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The listing explicitly promises automatic end-of-conversation review and deposition of lessons into long-term memory, but provides no warning about privacy, retention, or consent. This can cause users to unknowingly persist sensitive conversation content, decisions, and unresolved issues across sessions, increasing the risk of unintended disclosure or over-collection.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The listing explicitly promises automatic review, lesson extraction, and cross-session retention of conversation-derived information, but it does not disclose what data is stored, how long it is retained, whether sensitive content may be persisted, or how users can opt out. In a memory-oriented skill, this omission increases the risk of unintentionally retaining personal, confidential, or business-sensitive information across sessions.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The README states the skill is 'fully automatic' and triggers after every conversation, which is an overly broad activation condition. This can cause unintended invocation on unrelated chats, leading to unsolicited memory writes, privacy issues, and pollution of long-term memory with low-quality or sensitive content.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The manual trigger phrases are common conversational Chinese phrases such as '总结我们刚才的讨论', which can easily appear in normal dialogue without the user intending to activate a persistence workflow. This raises the risk of accidental triggering and unintended storage or transformation of conversation content into long-term memory.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill is configured to run automatically at vague session boundaries such as 'heartbeat' or when a conversation appears to end, without clear user confirmation or tight scoping. In a memory-writing skill, this creates a real risk of unintended persistence of sensitive or low-quality conversation-derived content into long-term memory.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill description does not clearly warn users that it will automatically extract content from conversations and write it into long-term memory. This undermines informed consent and can lead to unexpected retention of sensitive data, personal information, or strategic decisions that the user did not intend to persist.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.