WAL Memory

Security checks across malware telemetry and agentic risk

Overview

This skill creates a local plaintext recovery log for agent continuity, and the persistence behavior is disclosed, manual, and aligned with its stated purpose.

Install this only if you want local agent memory across sessions. Treat STATE.log and GOALS.md as private project data, add STATE.log to .gitignore, avoid logging secrets or sensitive payloads, and periodically review what future sessions will read.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Tp4 (High)

Category: MCP Tool Poisoning
Confidence: 99%
Finding:
This is a clear mismatch because the description promises a substantial persistence and recovery mechanism for agent memory across session failures, including a two-file WAL design and recovery hooks. The actual code only writes categorized messages to a log file and renames the file when it grows too large. There is no recovery logic, no state reconstruction, no second WAL file beyond a rotated archive, and no evidence of GOALS.md setup or boot-time restoration.

Vague Triggers (Medium)

Confidence: 92%
Finding:
The description says to use the skill whenever setting up persistent memory for an agent that needs to survive various failures, but it does not define explicit trigger phrases, exclusion conditions, or when this skill should not be invoked. That breadth could cause unintended activation in many general reliability or persistence-related contexts.

VirusTotal

66/66 vendors flagged this skill as clean.
