Security audit

auto-memory-uploader

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate memory helper, but it would automatically save chat-derived personal and project details to persistent local files with weak consent and cleanup controls.

Install only if you want the agent to keep durable local notes from your chats. Avoid sharing secrets or sensitive personal, legal, medical, financial, account, or confidential work details while it is active, and periodically inspect or delete the saved memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium (92% confidence)
Finding
The trigger phrases such as "保存记忆", "记住这个", and "记录下来" are broad enough to occur in ordinary conversation, which can cause unintended activation of the skill. Because activation leads to writing conversation content to local memory files, accidental matches can persist private or sensitive user data without clear, current consent.

Vague Triggers

Medium (95% confidence)
Finding
The automatic activation conditions (every 2 messages and when "important information" is detected) are ambiguous and insufficiently bounded, making the skill likely to run without the user's informed intent in the current context. This creates a real risk of over-collection and silent persistence of conversation data into files, especially because "important" is subjective and could include sensitive material.

Missing User Warnings

Medium (90% confidence)
Finding
The description explains automation but does not prominently warn users that their conversation content will be written to local files on disk. Without a clear disclosure of persistence behavior, users may share information assuming it remains ephemeral, which increases privacy and data-handling risk.

Ssd 3

Medium (96% confidence)
Finding
The skill's core behavior is to automatically persist conversation-derived information to files by default, including on a periodic basis every 2 messages. Default persistence of user-provided content is dangerous because it can capture sensitive personal, operational, or account-related information and retain it beyond the conversation, expanding exposure if the filesystem is later accessed or shared.

Ssd 3

Medium (94% confidence)
Finding
The memory rules explicitly authorize storing user information, preferences, tasks, and project state in daily and long-term memory files, creating long-lived records of personal and contextual data. Even though the file claims sensitive data will not be saved, the examples include operational details, and relying on heuristic exclusion is not sufficient to prevent inadvertent retention of confidential information.

VirusTotal

64/64 vendors flagged this skill as clean.
Static analysis

No suspicious patterns detected.