Security audit

Depth Memory

Security checks across malware telemetry and agentic risk

Overview

This is a local long-term memory skill that writes searchable Markdown notes in the workspace, with privacy cautions but no evidence of hidden exfiltration or destructive behavior.

Install only if you want this workspace to keep a persistent searchable knowledge base. Treat DEEP-MEMORY.md and deep-memory/ as durable records that may be committed or shared if your workspace is synced, and do not store credentials, tokens, private personal data, regulated data, or confidential documents unless you intentionally want them retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium (92% confidence)
The trigger conditions are broad enough to activate on ordinary knowledge questions, links, or vague references to past conversations, which can cause the skill to run unexpectedly and influence agent behavior outside narrowly intended cases. In this context, unexpected activation matters because the skill is not read-only: it can lead to persistent storage and indexing of content in workspace memory files.

Vague Triggers

Low (83% confidence)
The examples describe when to use deep-memory, but they do not clearly distinguish between merely searching existing memory and creating a new long-term record. That ambiguity can cause the agent to over-collect or persist information based on weak signals, especially in normal conversational use.

Missing User Warnings

Medium (95% confidence)
The documentation instructs running initialization that creates directories, writes index files, and inserts a test record into the workspace, but it does not clearly warn that installation changes user files. Hidden or underexplained file writes are dangerous because they can surprise users, pollute repositories, and create persistence in locations that may later be committed or shared.

Missing User Warnings

Medium (90% confidence)
The skill encourages storing external materials and long-term knowledge but does not warn against saving secrets, personal data, credentials, or other sensitive user content. In a memory system, this omission is significant because persistence and indexing make accidental retention easier and broaden later exposure through search or repository sync.

Ssd 3

Medium (94% confidence)
The instructions normalize retaining and indexing conversationally derived material in long-term memory without any visible sensitivity screening or consent boundary. That is dangerous because users may mention private facts, internal project details, or credentials during normal conversation, and the skill frames persistence as routine rather than exceptional.

Ssd 3

Medium (97% confidence)
The workflow explicitly tells the agent to write complete content into deep-memory files, creating broad persistent capture of user-supplied or externally sourced material. Full-content retention substantially increases exposure if the memory store is later searched, synced, shared, or committed, and it raises the chance that sensitive data will be preserved indefinitely.

Ssd 3

Medium (96% confidence)
The trigger conditions encourage proactive storage of links, knowledge, and conversation-derived material whenever certain broad task patterns appear, even before clear consent boundaries are established. In this skill's context, that is especially risky because the same trigger area combines broad activation with durable persistence, making unintended sensitive data capture more likely and more lasting.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.