mnemospark-lite Cloud File Storage

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud-storage workflow skill, but users should treat uploads, paid wallet use, share links, and deletions as sensitive actions.

Install only if you are comfortable letting the agent use a funded wallet and mnemospark-lite bearer tokens for cloud file storage. Before each action, confirm the file, tier or expected payment, upload IDs, and whether a 24-hour anonymous share link should be created; avoid uploading secrets unless the 30-day remote retention model is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly supports deletion of one or more uploads but does not require an explicit user confirmation step before performing the destructive action. In an agentic environment, this increases the risk of accidental or prompt-induced data loss, especially because delete operations are wallet-scoped and may affect multiple uploads at once.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill encourages uploading files to third-party cloud storage and minting anonymous share links without a clear privacy or data-disclosure warning to the user. This can lead to unintended exposure of sensitive data, since uploaded content leaves the local environment and share URLs enable external access for a limited period.

VirusTotal

65/65 vendors flagged this skill as clean.
