Pyramid Memory Architecture (金字塔记忆架构)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is mostly a coherent memory-template initializer, but it also teaches agents to create persistent rules, send reminders, and reorganize local memory files with unclear consent boundaries.

Install only if you want an agent to create and follow persistent memory files. Before using it, narrow the trigger conditions, require explicit opt-in before any outbound message, and require confirmation before moving, archiving, or rewriting local memory files.

SkillSpector findings (4)

By NVIDIA

Vague Triggers (Medium, 89% confidence)

Finding: The skill description states it applies to 'all new sub-Agent workspace initialization' and lists broad triggers such as creating a new Agent, workspace initialization, memory architecture design, and redundancy checks. This broad matching can cause the skill to be auto-selected in unrelated contexts, increasing the chance that its instructions reshape an agent's memory/rule hierarchy or expose configuration practices more often than intended. In context, this is more dangerous because the skill governs where durable rules and sensitive local configuration notes are stored, so accidental invocation affects persistent behavior rather than a one-off task.

Missing User Warnings (Medium, 93% confidence)

Finding: The heartbeat workflow instructs the agent to send reminder messages automatically once a trigger time is reached, but it does not require explicit user consent, a preview, or any user-visible notice that outbound messaging will occur. In an agent memory/automation skill, this creates a real risk of unsolicited communications, privacy leakage, and actions being taken outside the user's immediate awareness.

Missing User Warnings (Medium, 89% confidence)

Finding: The self-improving check tells the agent to reorganize indexes or archive files when changes are detected under ~/self-improving/, but it does not clearly warn that user files may be modified, nor does it require confirmation before making those changes. Because this skill is meant to initialize agent memory architecture, such instructions normalize autonomous file maintenance and can lead to unintended modification, data loss, or hard-to-audit changes in user-controlled content.

Vague Triggers (Medium, 92% confidence)

Finding: The trigger rule uses a very broad natural-language pattern, '用户说「开始 XXX 任务」→ 读取项目进度' (roughly: when the user says "start task XXX", read the project progress), without any project scoping, authorization check, or confirmation boundary. In an agent memory architecture skill, this can cause unintended activation and retrieval of project state for the wrong workspace, increasing the risk of cross-project data exposure or execution in the wrong context.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.
