Relationship Intelligence

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent personal CRM, but it persistently profiles relationships and can scan Gmail, Calendar, and Contacts with weak consent and deletion controls.

Install only if you are comfortable creating a long-lived local database of sensitive relationship details about you and other people. Keep gog disabled unless you intentionally want Gmail, Calendar, and Contacts analyzed; verify its Google scopes first, and periodically inspect or delete ~/.local/share/memi-ri/memi.db. Do not use it with confidential emails, private conversations, or third-party data unless you have a clear reason and consent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (11)

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The skill authorizes scanning Gmail for recent messages and mining relationship signals from email content, which materially expands collection beyond user-supplied conversation notes into a separate, highly sensitive data source. Because this enrichment is broad and automatic, it can capture third-party personal data, commitments, and life events without a clear, granular consent boundary, increasing privacy and over-collection risk.

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The skill explicitly instructs the agent to build and persist a self-improving behavioral model of the user, including communication style, priorities, rhythms, patterns, and life context. That goes beyond a simple contact manager and creates a long-lived profile that can reveal sensitive behavioral inferences the user may not expect from the stated CRM-style purpose.

Description-Behavior Mismatch

Low

Confidence: 84% confidence
Finding: The manifest and top-level description emphasize conversation-based relationship intelligence, but the skill also enriches from Google Contacts and Calendar. This mismatch weakens informed consent because users may reasonably expect only chat-derived storage, not cross-account data aggregation.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The README explicitly states the skill remembers names, companies, preferences, promises, important dates, and relationship patterns, but it does not prominently warn users about the sensitivity, persistence, and downstream processing implications of this data. In a personal CRM context, this creates meaningful privacy risk because the skill encourages accumulation of intimate first- and third-party data that may be retained locally and potentially sent to the configured LLM provider during use.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The README advertises Google Calendar, Gmail, and Contacts integration but does not clearly warn that enabling these connectors can expose additional sensitive personal and third-party information, including email contents, schedules, and contact metadata, to the skill's processing pipeline and possibly the configured LLM provider. Because this skill is specifically designed to aggregate and infer relationship intelligence, those integrations materially increase the sensitivity and volume of data processed.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill stores extensive relationship data including notes, commitments, preferences, dates, interaction history, and inferred user behavior, yet it provides no user-facing privacy notice, retention limits, or deletion controls. This creates significant risk of unexpected surveillance-like persistence and exposure of sensitive interpersonal information if the database is accessed or misused.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The Google integration instructs access to Gmail, Calendar, and Contacts, including scanning recent emails for life events and commitments, without a clear warning or granular consent model. Access to these external personal accounts can expose not only the user's data but also sensitive third-party data from correspondents, making the feature particularly privacy-invasive.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill specifies proactive morning briefs, meeting prep, and post-meeting prompts driven by ongoing calendar and relationship monitoring, but it does not clearly warn users that unsolicited prompts may occur. This can surprise users and normalize background monitoring of meetings, commitments, and social activity beyond an immediate request-response interaction.

Ssd 3

Medium

Confidence: 87% confidence
Finding: The skill is designed to remember everyone the user meets and continuously accumulate relational details, which encourages broad persistent collection of personal data in plain language. Even if intended as product functionality, this increases the risk of storing sensitive, unverifiable, or third-party information without sufficient minimization or safeguards.

Ssd 3

Medium

Confidence: 93% confidence
Finding: The skill instructs logging all touchpoints and maintaining running meta-observations about the user's behavior, effectively creating a surveillance-style dossier in plain language. Such free-text logs are hard to constrain, may capture sensitive inferences, and can expose highly personal details if accessed by another party or reused for unintended purposes.

Ssd 3

High

Confidence: 96% confidence
Finding: The skill tells the agent to import pasted conversations and scan recent emails to extract relationship intelligence, which can ingest large amounts of sensitive communications content, including third-party information not directly provided for storage purposes. This materially raises the risk of over-collection, confidentiality harm, and retention of private communications beyond user expectations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal