Micro Memory

Security checks across malware telemetry and agentic risk

Overview

This is a real local memory tool, but it needs Review because it persistently stores and mutates user memories with broad triggers, weak confirmations, and an unsafe helper script.

Review before installing. Treat all memories as plaintext local files, avoid storing secrets or sensitive work data, and make backups before using compress, consolidate, archive, or export. Prefer a version that narrows auto-triggers, adds confirmations for destructive or full-data actions, fixes package.json, and removes the execSync wrapper.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
The trigger phrase "我的记忆" ("my memory") is generic and plausibly appears in normal conversation, which can cause unintended activation of the skill. In this skill, accidental activation is more concerning because the documented behavior includes auto-listing and persistent memory operations, potentially exposing or modifying stored user data without deliberate intent.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The skill explicitly describes auto-add triggers, persistent on-disk storage, and modification features like compression and archiving, but does not provide a clear user-facing warning or consent flow. This creates a privacy and integrity risk because users may unknowingly cause sensitive conversational content to be stored, transformed, or archived on disk.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
Memory content is automatically persisted to a markdown file in plain text via syncToMarkdown(), which can expose sensitive data entered into the memory store to any user or process with filesystem access. In an agent skill context, users may reasonably provide secrets, personal data, or operational context, making silent plaintext persistence more dangerous than ordinary logging.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The trigger phrase at this location is broad enough to overlap with normal user conversation, which can cause unintended skill activation. In an agent skill, accidental invocation can expose or modify stored memory data when the user did not intend to interact with this package.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
This trigger is too generic to reliably distinguish explicit skill use from ordinary dialogue, increasing the chance of false activations. Because the skill manages memory records, unintended activation could lead to storing, listing, editing, or deleting personal information without clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The archive operation modifies persisted state by writing archived data to a new file and replacing the main index with only retained memories, but it provides no confirmation, dry-run, rollback, or backup guarantees. In a memory-management skill, these records may contain valuable or sensitive user data, so silent state-changing operations increase the risk of unintended data loss or confusing data movement.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The compression routine irreversibly truncates memory content to 100 characters, changes metadata, and overwrites the index in place. Because this destroys original information without warning or recovery support, it can cause permanent loss of user data and materially alter the integrity of stored memories.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The consolidate operation deletes entries considered duplicates using a simplistic similarity key based on the first 50 lowercased characters, then rewrites the index without confirmation. This can wrongly remove distinct memories that share a prefix, causing unintended data loss and integrity issues in a context where stored memory is likely important to the user.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The export function writes all memory contents to files in the current working directory, potentially persisting sensitive user data to an unintended or less protected location. In agent or automation environments, cwd may be shared, synced, or monitored, so exporting without clear warning or explicit destination selection can expose confidential information.

VirusTotal

64/64 vendors flagged this skill as clean.