Novyx Memory

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate cloud memory skill, but it automatically stores and reuses conversation content and includes powerful memory-changing commands that deserve careful review before use.

Install only if you are comfortable sending conversation content and assistant responses to Novyx for persistent storage and future recall. Avoid secrets, regulated data, customer records, or sensitive internal material unless Novyx's retention, deletion, sharing, and access controls meet your requirements. Consider disabling autoSave or autoRecall where possible, and use rollback/delete/share commands carefully because they can alter or expose stored memory state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (11)

Missing User Warnings

Medium (92% confidence)
Finding
The README repeatedly advertises that the skill 'remembers everything' and auto-saves/auto-recalls conversations, but it does not clearly warn that user and agent content will be transmitted to an external Novyx API by default. In a memory skill, this creates a real privacy and data-governance risk because operators may enable it without realizing sensitive prompts, credentials, or regulated data could be retained and resurfaced later.

Missing User Warnings

Medium (88% confidence)
Finding
The documented commands include destructive operations like rollback, forget, and undo without an explicit caution that they can permanently remove or revert memory state. That omission increases the chance of accidental data loss or misuse, especially because rollback semantics can affect multiple prior operations at once.

Missing User Warnings

Medium (95% confidence)
Finding
The skill states it will automatically save each user message and agent response to persistent storage, but it does not present an explicit privacy notice, consent flow, or data-handling boundaries. This is dangerous because users may unknowingly send sensitive prompts, credentials, regulated data, or internal business information into long-term third-party storage.

Missing User Warnings

Medium (92% confidence)
Finding
The skill supports sharing context spaces with another user by email but does not warn about the privacy and confidentiality impact of exposing stored memories to additional parties. In a memory system that may contain broad conversational history, this can lead to accidental disclosure of proprietary, personal, or security-sensitive information.

Missing User Warnings

Medium (84% confidence)
Finding
The listed commands include destructive operations such as deleting memories and undoing saved entries without explicit caution about data loss, scope, or recoverability. This increases the risk of accidental deletion or rollback of important state, which can impair agent behavior, erase auditability, or remove evidence needed for incident review.

Missing User Warnings

Medium (97% confidence)
Finding
The skill automatically sends user messages to a remote Novyx API during normal conversation flow without an explicit just-in-time notice or opt-in. Because this component is a persistent memory system, users may unknowingly transmit sensitive prompts, credentials, proprietary data, or regulated information off-platform, creating a real confidentiality and compliance risk.

Missing User Warnings

Medium (96% confidence)
Finding
The skill also persists assistant responses automatically to the same remote service, again without a point-of-use warning. Assistant replies often contain summarized user secrets, internal instructions, retrieved documents, or tool outputs, so storing them remotely broadens data exposure and increases the chance of later unintended disclosure through search, recall, audit, or sharing features.

Missing User Warnings

High (94% confidence)
Finding
The rollback command performs a destructive state-changing operation immediately after generating a preview, with no separate confirmation step, approval gate, or explicit user acknowledgement. In an agent setting, a single natural-language trigger or mistaken invocation could undo memory state and audit-relevant history at scale, causing integrity loss and operational disruption.

Ssd 3

Medium (95% confidence)
Finding
The README describes default auto-save for normal user messages and agent responses plus automatic recall into future context, which materially increases retention, resurfacing, and prompt-leakage risk. In practice, this means sensitive data can be stored without deliberate user action and later reintroduced into model context in unrelated conversations or tasks.

Ssd 3

Medium (96% confidence)
Finding
Automatic persistence of every user message and agent response creates broad collection of natural-language data, which commonly includes secrets, personal data, customer records, and internal operational details. In this skill's context, the feature is central to functionality, which makes the risk more serious because collection is continuous and default-on rather than narrow and user-directed.

Ssd 3

Medium (93% confidence)
Finding
The design intentionally logs user-provided observations and later recalls and displays them in plain language, which can surface sensitive content to future prompts, users, or sessions. In a memory skill this behavior is expected functionally, but without minimization, redaction, consent, or access scoping it becomes a meaningful privacy and data-leakage vulnerability.

VirusTotal

66/66 vendors flagged this skill as clean.