Back to skill

Security audit

Vector Memory Hack

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a local memory-search helper, but users should be aware it can repeatedly read and index their agent memory file.

Install only if you are comfortable with the agent reading and locally indexing its MEMORY.md file. Keep secrets and credentials out of that memory file, or review and clear the local index when needed; use the skill for relevant memory lookup rather than as an automatic step for every request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to index and search local memory files such as MEMORY.md, which is a file-read capability, but no permissions are declared. Hidden or undeclared file access is risky because agents or operators may invoke the skill without understanding it reads potentially sensitive local documentation, credentials, or operational rules.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The description says to use the skill whenever the agent needs relevant context before starting a task, which is broad enough to trigger on many routine requests. Overbroad activation increases the chance the agent will unnecessarily read and process memory files containing sensitive information, creating avoidable data exposure and dependency on unscoped context retrieval.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The instruction that this search is a required step before every task is excessively expansive and effectively normalizes automatic context harvesting. In practice, that can cause systematic reading of memory stores for unrelated tasks, increasing exposure of secrets, credentials, internal procedures, or other sensitive operational data beyond what is necessary for the current request.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.