Memory Auto Index

Security checks across malware telemetry and agentic risk

Overview

This skill is a local memory-indexing guide whose file changes are disclosed and aligned with its stated purpose.

Before installing, understand that this skill is meant to modify MEMORY.md and files under memory/. Review any local scripts before use, prefer preview or confirmation before automated writes, and sanitize subjects/tags before passing them to shell commands.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly promotes automatic updates to MEMORY.md and related memory files, but it does not warn operators that invoking the workflow will modify persistent project state. In an agent setting, undocumented automatic file mutation can lead to unintended persistence, corruption of memory/index files, or propagation of untrusted content into shared knowledge stores.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal