Back to skill

Security audit

Neural Memory

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local persistent-memory skill; its main risk is expected privacy exposure from automatic conversation capture and recall, not hidden or unrelated behavior.

Install only if you want your agent to keep local memory across sessions. Consider disabling autoCapture or autoContext for sensitive work, avoid storing secrets or regulated personal data, and periodically review or delete the local brain database when retained context is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs proactive use in broad, ordinary situations such as starting a new task, remembering context across sessions, and tracing prior events. That creates a high likelihood of unnecessary memory access and retention, increasing exposure of unrelated or sensitive prior-user content without a clear necessity or consent boundary.

Missing User Warnings

High
Confidence
97% confidence
Finding
The plugin advertises automatic context injection before each run and automatic post-conversation capture, but the skill does not provide a clear warning, consent flow, or retention policy for user data. In a memory tool, silent automatic persistence across sessions can expose private conversation content, secrets, or regulated data far beyond user expectations.

Ssd 3

Medium
Confidence
92% confidence
Finding
The skill encourages persistent storage and reuse of facts, decisions, errors, and context across sessions without defining sensitivity limits or exclusion rules. That makes it easy for an agent to retain user-provided confidential information and later surface it in unrelated contexts, creating privacy and confidentiality risks.

Ssd 3

Medium
Confidence
96% confidence
Finding
Automatic capture and extraction from conversations operationalize broad collection of user inputs into persistent memory, which can include sensitive information even if not intended for storage. Because this happens via hooks around every run, the skill context makes the issue more dangerous by increasing collection frequency and reducing user awareness.

Ssd 3

Medium
Confidence
94% confidence
Finding
The workflow directs routine end-of-session processing of conversation segments into memory, normalizing bulk retention of potentially sensitive dialogue. Without content minimization or consent checks, this can convert transient conversation data into long-lived records that may later be retrieved or leaked.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.