Memory Manager

Security checks across malware telemetry and agentic risk

Overview

This local memory tool is purpose-aligned, but it deserves Review because it can move and consolidate private memory files with broad triggers and limited confirmation or retention controls.

Install only if you are comfortable letting this skill read, write, snapshot, and reorganize local agent memory. Back up the memory directory before running organize or categorize, avoid heartbeat automation until you review the scripts, and do not store secrets in memory files that may be copied into plaintext snapshots.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium, 94% confidence
Finding
The script announces 'Backup first' and creates memory/legacy, but date-based episodic files are moved directly to memory/episodic without first creating a backup copy. If the move is interrupted, misclassified, or the destination structure is incorrect, users may lose track of files or face unintended data modification despite the script implying safe backup semantics.

Missing User Warnings

Medium, 93% confidence
Finding
The skill advertises helpful memory operations, but the quick-start flow does not prominently warn that initialization and organization commands modify local files and may migrate existing memory content. In agentic environments, unclear disclosure around state-changing filesystem operations can lead to unintended data movement, overwrites, or trust-boundary violations when an agent invokes the skill automatically.

Vague Triggers

Medium, 87% confidence
Finding
The trigger phrase at line 11 is generic enough to match ordinary user requests about memory snapshots, which can cause the skill to activate when the user did not explicitly intend to invoke it. In a memory-management skill, unintended activation is more sensitive because it may expose, search, snapshot, or reorganize stored context without clear user consent boundaries.

Vague Triggers

Medium, 91% confidence
Finding
The trigger list has no clear exclusion conditions or confirmation requirements, so common phrases related to memory management could activate the skill during normal conversation. Because this skill handles local memory operations, accidental activation can lead to unintended access to historical memories, automatic snapshots, or memory usage analysis that the user did not knowingly request.

Missing User Warnings

Medium, 88% confidence
Finding
The script creates a persistent markdown snapshot on disk containing memory-derived content without any explicit user warning, consent, retention notice, or sensitivity check. In an agent memory context, those files may include prompts, secrets, user data, or internal reasoning artifacts, so silently materializing them to disk increases privacy and disclosure risk even if the behavior is intended.

Ssd 3

Medium, 95% confidence
Finding
This code aggregates content from episodic, semantic, and procedural memory files into a single plaintext snapshot, which concentrates potentially sensitive information into an easy-to-read recovery file. Consolidation increases blast radius: a single snapshot can expose multiple categories of historical memory that were previously distributed across files, making accidental disclosure, exfiltration, or overbroad access more damaging.

VirusTotal

64/64 vendors flagged this skill as clean.