Muninn Memory

Security checks across malware telemetry and agentic risk

Overview

This is a memory skill that stores and retrieves agent memories, with disclosed local/cloud model integrations that need privacy-aware configuration.

Install only if you are comfortable with an agent memory database. Use local mode for private data, verify which environment variables are set, avoid storing secrets, and understand that cloud/OpenAI/Gemini modes or local Ollama processing can receive memory content or queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises executable behavior that uses environment variables and network access, but the metadata declares no permissions. This creates a transparency and trust problem: users or hosting platforms may authorize or sandbox the skill incorrectly, while the skill can still handle secrets and transmit data externally.

Tp4

High
Category
MCP Tool Poisoning
Confidence
79% confidence
Finding
The skill description materially understates the breadth of behavior, including external services, audit/access tracking, integrity tooling, procedure evolution, and other advanced operations beyond a simple memory system. This mismatch can mislead users into granting trust or deploying the skill without understanding its real attack surface and data-handling behavior.

External Transmission

Medium
Category
Data Exfiltration
Content
_b.label = 1;
                case 1:
                    _b.trys.push([1, 4, , 5]);
                    return [4 /*yield*/, fetch('http://localhost:11434/api/generate', {
                            method: 'POST',
                            headers: { 'Content-Type': 'application/json' },
                            body: JSON.stringify({
Confidence
91% confidence
Finding
fetch('http://localhost:11434/api/generate', { method: 'POST'

Context Leakage

High
Category
Data Exfiltration
Content
// HELPER FUNCTIONS
// ============================================
function createEntity(text, type, confidence, fullText) {
    // Extract context (surrounding words)
    var index = fullText.toLowerCase().indexOf(text.toLowerCase());
    var start = Math.max(0, index - 20);
    var end = Math.min(fullText.length, index + text.length + 20);
Confidence
91% confidence
Finding
Extract context

External Transmission

Medium
Category
Data Exfiltration
Content
_a.label = 1;
                case 1:
                    _a.trys.push([1, 4, , 5]);
                    return [4 /*yield*/, fetch('http://localhost:11434/api/generate', {
                            method: 'POST',
                            headers: { 'Content-Type': 'application/json' },
                            body: JSON.stringify({
Confidence
95% confidence
Finding
fetch('http://localhost:11434/api/generate', { method: 'POST'

External Transmission

Medium
Category
Data Exfiltration
Content
Entities (JSON array):`;

  try {
    const response = await fetch('http://localhost:11434/api/generate', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({
Confidence
89% confidence
Finding
fetch('http://localhost:11434/api/generate', { method: 'POST'

External Transmission

Medium
Category
Data Exfiltration
Content
_a.label = 1;
                case 1:
                    _a.trys.push([1, 4, , 5]);
                    return [4 /*yield*/, fetch('http://localhost:11434/api/generate', {
                            method: 'POST',
                            headers: { 'Content-Type': 'application/json' },
                            body: JSON.stringify({
Confidence
89% confidence
Finding
fetch('http://localhost:11434/api/generate', { method: 'POST'

External Transmission

Medium
Category
Data Exfiltration
Content
}`;

  try {
    const response = await fetch('http://localhost:11434/api/generate', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({
Confidence
94% confidence
Finding
fetch('http://localhost:11434/api/generate', { method: 'POST'

External Transmission

Medium
Category
Data Exfiltration
Content
const maxTokens = options?.maxTokens || 100;

  try {
    const response = await fetch('https://api.openai.com/v1/chat/completions', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
Confidence
90% confidence
Finding
fetch('https://api.openai.com/v1/chat/completions', { method: 'POST'

External Transmission

Medium
Category
Data Exfiltration
Content
const model = options?.model || OPENAI_MODEL;

  try {
    const response = await fetch('https://api.openai.com/v1/chat/completions', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
Confidence
83% confidence
Finding
fetch('https://api.openai.com/v1/chat/completions', { method: 'POST'

External Transmission

Medium
Category
Data Exfiltration
Content
const maxTokens = options?.maxTokens || 100;

  try {
    const response = await fetch('https://api.openai.com/v1/chat/completions', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
Confidence
90% confidence
Finding
https://api.openai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
const model = options?.model || OPENAI_MODEL;

  try {
    const response = await fetch('https://api.openai.com/v1/chat/completions', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
Confidence
83% confidence
Finding
https://api.openai.com/

VirusTotal

67/67 vendors flagged this skill as clean.
