Metacognition

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local self-reflection memory tool; its sensitive behavior is mostly limited to local files and an optional localhost embeddings service.

Install this only if you are comfortable with an agent summarizing recent conversations or notes into local memory files. Use a trusted local embeddings service if EMBEDDINGS_URL is enabled, avoid pointing extract at secret-heavy files, and periodically review or delete the generated memory and lens files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium (83% confidence)
Finding
The integrate flow automatically reads the latest daily note and may submit extracted text fragments to the local embeddings service without any user-facing notice or consent at that call site. Even though the endpoint is restricted to localhost, daily notes can contain sensitive personal or operational data, and sending them to another process broadens exposure and surprises users.

Missing User Warnings

Medium (86% confidence)
Finding
The extract command accepts an arbitrary user-specified file path, reads its contents, and may forward extracted text to the embeddings service via get_embedding() with no warning. In a memory/reflection skill, users may point it at highly sensitive notes, so the lack of disclosure and consent is a real privacy/security issue even if the receiver is local.

VirusTotal

65/65 vendors flagged this skill as clean.
