Neural Memory

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate local memory skill, but its recommended setup can automatically save and reuse conversation details across sessions without enough consent or filtering controls.

Install only if you intentionally want persistent agent memory. Before enabling the plugin, verify the pip/npm package source, consider turning off autoCapture and autoContext unless needed, avoid storing secrets or sensitive personal data, use separate brains for separate projects, and confirm how to inspect, delete, roll back, or isolate stored memories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium (91% confidence)
The skill explicitly instructs proactive use at broad moments like starting new tasks, recalling past conversations, and after decisions or errors. In a memory skill, this creates a real risk of activating persistence and retrieval during ordinary interactions without clear consent or scope limits, increasing unintended collection and reuse of user data across sessions.

Missing User Warnings

High (97% confidence)
The plugin advertises automatic context injection before each run and automatic capture after runs, but the document does not present a prominent warning, consent flow, or clear privacy boundaries. Because the feature persists and resurfaces conversation content across sessions, users may unknowingly have sensitive information retained and reintroduced later.

Ssd 3

Medium (93% confidence)
The skill's proactive guidance encourages remembering facts, decisions, errors, and context across sessions with little minimization guidance. In context, that means ordinary user-provided content can become durable memory and later be surfaced outside the original context, creating privacy and confidentiality risks.

Ssd 3

High (98% confidence)
Automatic capture and injection are core behavior here, and the skill says they persist across new sessions. That makes this more dangerous than a normal note-taking tool because prior conversation contents can be silently harvested and then resurfaced in unrelated future runs, exposing private or security-relevant information.

Ssd 3

Medium (90% confidence)
The instructions promote auto-extracting facts, decisions, and TODOs from conversation text without discussing exclusions for secrets, credentials, regulated data, or private user details. That broad harvesting model can unintentionally store sensitive information and later make it retrievable or injectable.

Ssd 3

Medium (94% confidence)
The workflow operationalizes routine storage of preferences, decisions, errors, and conversation segments, creating cumulative retention over time. In a persistent memory system, this materially increases the chance that sensitive user data, internal reasoning artifacts, or confidential project details will be retained and later disclosed across sessions.

VirusTotal

64/64 vendors flagged this skill as clean.
