Memi

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local personal CRM, but it needs Review because it can persist broad relationship profiles and use Gmail, Calendar, and Google Contacts without clear opt-in boundaries.

Install only if you want a long-lived local relationship database and are comfortable with the agent retaining social-graph details, commitments, preferences, and inferred behavior patterns. Before enabling gog, verify its source and OAuth scopes, and require explicit approval before Gmail, Calendar, or Contacts are scanned or used.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (13)

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The skill goes beyond a user-expected personal CRM by instructing the agent to scan recent Gmail content for relationship signals and persist derived intelligence. This materially expands data access and collection scope into highly sensitive communications without clear upfront disclosure in the manifest description, creating a transparency and consent problem.

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: The skill imports and merges Google Contacts data into its local CRM even though that enrichment behavior is not clearly disclosed in the manifest. Hidden enrichment changes the system from a manual note-taking CRM into an external-data aggregation tool, which increases privacy exposure and user surprise.

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The skill performs proactive calendar monitoring and meeting prep, which is a materially broader capability than the brief CRM description suggests. Undisclosed background-style monitoring of meetings can expose sensitive scheduling context and cause unexpected use of personal or work calendar data.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The README explicitly promotes persistent collection of highly sensitive relationship data, including personal attributes, promises, dates, and social graph information, but does not give a clear, prominent warning about the sensitivity of this data or the need to obtain consent before storing third-party information. In a personal CRM skill, this creates real privacy and compliance risk because users may casually ingest non-public information about others without understanding the consequences of long-term retention and profiling.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The README advertises Gmail, Google Contacts, and Calendar integrations and notes that data is local, but it does not clearly warn users up front that enabling these features may grant the skill access to private communications, contacts, and scheduling data for processing. Because these sources contain especially sensitive account data, the absence of explicit disclosure and scope clarification increases the chance of over-collection and uninformed authorization.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs storage of highly sensitive personal relationship data, commitments, preferences, and notes in a local SQLite database without any user-facing privacy warning or consent language. Even if stored locally, this creates meaningful privacy risk because intimate interpersonal details are being retained persistently and broadly.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The skill directs proactive ingestion of calendar, Gmail, and pasted conversations, all of which can contain third-party personal data and confidential information. Doing this without a clear user warning and explicit consent is dangerous because it silently broadens collection from user-entered notes to passive surveillance of sensitive communication sources.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill describes automatic proactive behaviors that may surface reminders, meeting context, and relationship suggestions unprompted, but it does not clearly warn users that this can happen. Unexpected proactive disclosures can reveal sensitive contact or meeting information in the wrong context or at unwanted times.

Ssd 3

Medium

Confidence: 88% confidence
Finding: The skill is explicitly designed to remember everyone the user meets and persist broad conversation-derived personal details about them. This is a real privacy and data-minimization concern because it encourages indiscriminate long-term collection of third-party information far beyond what is necessary for many CRM tasks.

Ssd 3

High

Confidence: 98% confidence
Finding: The skill instructs the agent to maintain an evolving user profile and meta-observation log inferred from ongoing interactions, including communication style, priorities, network patterns, and life context. This creates a persistent behavioral profiling system, which is especially sensitive because it aggregates inferred traits rather than just storing user-provided facts.

Ssd 3

High

Confidence: 97% confidence
Finding: The skill requires logging every referenced contact interaction and incrementally tracking user behavior across all mentions, effectively turning ordinary conversation into comprehensive surveillance telemetry. This is dangerous because it captures more than necessary for immediate functionality and normalizes silent longitudinal tracking.

Ssd 3

High

Confidence: 98% confidence
Finding: The conversation import and email scanning features direct the agent to extract and store personal data from pasted chats and recent emails, which often include sensitive third-party information and contextual details the user may not intend to retain. Bulk extraction from communications substantially raises privacy, consent, and overcollection risks.

Ssd 3

High

Confidence: 98% confidence
Finding: The Gmail integration explicitly instructs scanning recent emails for life events, commitments, introductions, and topic signals, then storing them for cross-referencing. Email is a highly sensitive source, and extracting structured intelligence from it creates substantial privacy risk, especially for third parties who never consented to analysis or retention.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal