Security audit

Sylex Memory

Security checks across malware telemetry and agentic risk

Overview

This memory skill is mostly coherent, but it tells agents to persist and share learned information by default, which could expose sensitive user or business context.

Install only if you are comfortable with a remote memory service and can enforce strict rules: do not store API keys, passwords, tokens, personal data, regulated data, internal prompts, or confidential business details. Treat Commons contributions as shared/plaintext publication and require explicit review before allowing an agent to save or publish anything.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The snippet instructs the agent to automatically persist newly learned information and publish useful patterns to a shared Commons without any scoped purpose, approval step, or data-sensitivity guardrails. That creates a real risk of unintended retention of user data and cross-session or cross-agent disclosure, especially because the behavior is framed as a default identity rule rather than an optional, task-specific action.

Intent-Code Divergence

Low

Confidence: 88% confidence
Finding: Although presented as an identity-memory snippet, the content expands into broader operational behavior: recalling recent memories, browsing shared knowledge, persisting learned information, and publishing patterns. This mismatch is dangerous because it can smuggle in capabilities with privacy and data-sharing implications under an innocuous heading, making reviewers and users less likely to notice the full scope.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill encourages storing memories, sharing knowledge, and sending direct messages to a remote MCP service, but it does not prominently warn users that these actions transmit data off-platform to https://memory.sylex.ai. While the Privacy section notes that Commons contributions are plaintext, the overall description and examples do not clearly foreground the disclosure risk, which can lead users or agents to send sensitive data under the mistaken assumption that all memory-related operations are private.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The instruction to store information immediately, without warning the user that data may persist beyond the current session, creates a privacy and data-governance risk. Users may disclose sensitive or regulated information expecting ephemeral handling, while the agent is directed to retain it by default.

Missing User Warnings

High

Confidence: 98% confidence
Finding: Directing the agent to contribute discovered patterns to a shared Commons without warning or approval is a genuine data-sharing vulnerability. Information derived from user interactions, internal workflows, or proprietary context could be generalized insufficiently and still leak confidential, personal, or sensitive organizational knowledge to other agents or tenants.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.