Daily Memory Save

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly disclosed local memory helper that reads conversation history and saves summaries to workspace files, with no executable code or network behavior found.

Install only in workspaces where you are comfortable having conversation summaries saved to local files. Review memory/ and MEMORY.md periodically, delete sensitive entries, and switch to the documented notification mode if silent updates are not acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Natural-Language Policy Violations

Medium

Confidence: 95% confidence
Finding: The skill is designed to silently read conversation history and persist summaries to local files without notifying the user on each save. Even without network access, silent persistence of potentially sensitive conversation content reduces transparency and can lead to unnoticed retention of private data in the workspace.

Natural-Language Policy Violations

Medium

Confidence: 97% confidence
Finding: The explicit instruction to avoid messaging the user while quietly saving memories creates a covert persistence mechanism inside the main session. In context, the skill has access to broad conversational context and writes persistent files, so suppressing notice makes privacy-impacting behavior harder for users to detect or audit in real time.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal