Back to skill

Security audit

Memory Research

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill does public web research and proposes Basic Memory notes with user approval, with no hidden installer or executable code found.

Install this if you want an agent to research public subjects and maintain structured Basic Memory entries. Be explicit when a name or URL is not meant as a research request, review sources and proposed note contents before approving writes or edits, and avoid approving storage of sensitive personal or business context unless you want it retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
96% confidence
Finding
The skill explicitly auto-activates on very weak signals such as a bare name or URL, which can cause the agent to perform web research and memory-related actions without sufficiently clear user intent. In a system that can search external sources and write or edit notes, this increases the risk of unintended data collection, privacy issues, unnecessary external requests, and accidental knowledge-base modification triggered by ordinary conversation fragments.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.