Security audit

dob

Security checks across malware telemetry and agentic risk

Overview

This is a persistent memory skill that is broadly useful, but it can store workspace knowledge with unclear consent and is under-described as a generic toolbox.

Review before installing. Use it only if you want a workspace-level long-term memory system, require explicit confirmation before any save, avoid storing secrets or confidential material, and do not run the referenced setup scripts unless you can inspect their contents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger conditions are broad enough to activate on many ordinary knowledge-seeking interactions, which can cause the agent to consult or write persistent memory when the user did not clearly request that behavior. In this skill, that overbreadth matters because activation is coupled to storage and retrieval workflows, increasing the chance of unintended persistence or use of stale private data.

Vague Triggers

Medium
Confidence: 84%
Finding
The usage guidance does not cleanly constrain when deep-memory should be used versus ordinary memory, leaving the agent to make subjective decisions about routing user content. That ambiguity can lead to unnecessary access to persistent stores and accidental retention of information beyond what is needed for the task.

Ssd 3

Medium
Confidence: 96%
Finding
The skill explicitly encourages storing broad categories of user facts, preferences, and project context without any sensitivity filter, minimization rule, or retention boundary. In a memory tool, this is particularly dangerous because it normalizes persistent collection of personal or confidential information that may later be surfaced in unrelated contexts.

Ssd 3

Medium
Confidence: 95%
Finding
The skill tells the agent to save document or learned content into deep memory for later reuse, but it does not require summarization, redaction, or sensitivity review before persistence. Because the feature is designed for long-term retention, verbatim storage can capture proprietary text, private links, or sensitive user-supplied material and expose it in future sessions.

Ssd 3

Medium
Confidence: 98%
Finding
The add workflow instructs the agent to write the complete content into persistent files, creating a direct retention path for any sensitive data present in prompts, documents, or fetched material. This is a concrete data-handling risk because the workflow operationalizes long-term storage without data classification, minimization, or consent controls.

Ssd 3

Medium
Confidence: 94%
Finding
The trigger section encourages proactively saving user-supplied links, extracted knowledge, and related material into memory, which broadens collection well beyond narrowly necessary task data. In context, this is more dangerous because the skill is framed as a general toolbox memory layer, so these triggers can cause routine inputs to be captured and retained persistently without clear consent.

VirusTotal

64/64 vendors flagged this skill as clean.