Back to skill

Security audit

omnimemory-full-onboarding

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned for OmniMemory setup, but it gives an agent broad authority to handle credentials, create accounts/API keys, install a code plugin, mutate persistent config, and enable automatic remote memory capture without enough consent and privacy scoping.

Install only if you trust the OmniMemory service and the @omni-pt plugin publisher. Use a unique password and revocable API keys, review each command before it runs, consider setting autoRecall and autoCapture to false until you understand what data is stored, and back up existing OmniMemory config before allowing repair commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrase "help me to install OmniMemory" is broad enough to match ordinary support requests, but this skill performs high-risk actions including account registration, API key creation, plugin installation, and configuration changes. That creates a risk of over-invocation, where a casual request could cause the agent to solicit secrets or make consequential changes the user did not clearly authorize.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill description advertises end-to-end onboarding, API key handling, third-party key binding, and installation/configuration work, but it does not prominently warn that the workflow will collect secrets, create accounts, and change local configuration. In practice, that omission can cause users or upstream orchestrators to invoke the skill without informed consent for sensitive operations.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The guide instructs users to enable `autoRecall` and `autoCapture` by default but does not disclose that these features may send prompts, responses, or other conversation-derived content to a remote memory service. In an onboarding/install skill, this omission is materially risky because users may unknowingly enable persistent remote data transmission and storage, creating privacy, compliance, and data-handling exposure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.