Back to skill

Security audit

memory-encrypted

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it should be reviewed because it asks an agent to manage sensitive memory encryption and scheduled backups without enough implementation detail or user control.

Review before installing. Do not rely on this for sensitive memory unless the publisher provides auditable encryption details and clear controls for enabling, disabling, restoring, and deleting backups. Protect the local key file separately from the backups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill description advertises activation on broad terms like '加密、备份、安全、私密', which are common in normal user conversations and can cause unintended invocation. Because the skill handles sensitive memory storage and backup behavior, accidental activation could trigger privacy-impacting actions or steer users into security-sensitive workflows without clear intent.

Vague Triggers

Low
Confidence
89% confidence
Finding
Invocation phrases like '解锁记忆' and especially '查看记忆' are generic and may overlap with ordinary conversational requests about remembering or reviewing prior context. In a skill that manages encrypted memory, such collisions can lead to unintended disclosure attempts or inappropriate skill routing when the user did not explicitly intend to access protected stored data.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.