Lovefromio Ontology

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local knowledge-graph memory tool that stores workspace data for its stated purpose, with no evidence of hidden exfiltration or destructive behavior.

Install this only if you want persistent local workspace memory that other local tools or skills may read or reuse. Avoid storing raw secrets, private message contents, or sensitive account details unless that sharing is intentional, and verify publisher/version provenance if that matters to your environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 94% confidence
Finding: The skill explicitly instructs the agent to create and modify local workspace files under `memory/ontology`, but it does not declare corresponding permissions or constraints. Undeclared write capability weakens policy enforcement and review, increasing the chance that the skill can be invoked to persist or alter data without operators understanding its file-system impact.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger set includes broad phrases such as "remember" and general entity/state access language, which can cause the skill to activate in many ordinary conversations. Because this skill writes shared memory, accidental invocation can lead to unintended persistence, linkage of unrelated data, or cross-skill state contamination.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal