Security audit

Memory Lcm

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local memory tool, but it retains complete conversations and auto-writes extracted decisions to long-term memory without clear deletion, retention, review, or redaction controls.

Install only if you intentionally want conversations retained locally and searchable later. Avoid using it for sessions containing credentials, personal data, confidential business context, or regulated information unless you add controls to redact sensitive content, review MEMORY.md updates, and delete or expire stored history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly advertises that it stores every message and syncs decisions to MEMORY.md, but the description provides no user-facing warning, consent flow, retention limit, or guidance about sensitive data handling. In an agent context, silent persistent logging of conversations can expose secrets, personal data, and prior prompts to later retrieval or accidental disclosure.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code persists conversation-derived summaries and extracted decisions to storage automatically, with no consent, notice, retention controls, or sensitivity checks visible here. In a memory-management skill, this increases privacy and data-handling risk because user messages may contain secrets, personal data, or sensitive business context that gets retained and re-surfaced beyond the original interaction.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code persists extracted conversation-derived 'decisions' into a long-term memory file under the user's home directory without any consent check, notice, opt-in, or filtering for sensitive content. In an agent context, this creates a privacy and data-retention risk because arbitrary chat content may be silently stored across sessions, potentially capturing secrets, personal data, or sensitive project information.

Ssd 3

Medium
Confidence
97% confidence
Finding
Describing the system as 'lossless conversation memory' that stores every message and makes history searchable across sessions creates a real data retention risk, because sensitive user content may be captured indefinitely and later surfaced outside its original context. The danger is amplified by cross-session searchability and automatic propagation of 'key decisions' into another durable file.

Ssd 3

Medium
Confidence
98% confidence
Finding
The example instructs developers to log both user and assistant content after each turn without any filtering, consent, or sensitivity checks. That encourages indiscriminate capture of credentials, personal data, proprietary information, and safety-relevant prompts that users may reasonably expect not to be retained verbatim.

Ssd 3

Medium
Confidence
96% confidence
Finding
The feature list promotes storing every message and full-text search across all sessions as benefits, which normalizes broad retention and discoverability of potentially sensitive conversational data. In a memory skill, this context makes the finding more dangerous because the stated purpose is durable recall, increasing the likelihood that old sensitive content will be resurfaced or disclosed later.

VirusTotal

66/66 vendors flagged this skill as clean.
