Daily Memory Save

Security checks across malware telemetry and agentic risk

Overview

This skill transparently saves local conversation-memory summaries on a schedule, which is privacy-sensitive but matches its stated purpose.

Install only if you want your agent to retain conversation summaries across sessions. Keep the workspace private, review memory/ and MEMORY.md regularly, delete anything you do not want persisted, and enable notification mode if silent background updates are not acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Ssd 3

Medium

Confidence: 94% confidence
Finding: The skill explicitly promotes silent persistence of conversation-derived information into durable workspace files without per-save confirmation. Even with a transparency notice, this creates a privacy and data-minimization risk because personal or sensitive context can be retained longer than the user expects and later exposed to other tools, sessions, or workspace readers.

Ssd 3

High

Confidence: 98% confidence
Finding: This prompt directs the agent to silently collect and persist broad categories of user information, including preferences, requests to remember, and emotional context, into long-term memory files. In the context of a main-session skill with conversation-history access, that broad and quiet collection increases the chance of over-collection, sensitive profiling, and unintended retention of private material far beyond what is necessary for task completion.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal