Synapse Layer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate SynapseLayer memory integration, but it needs review because it can transmit and persist agent memories externally while its privacy and isolation controls are under-specified.

Install only if you trust SynapseLayer and intend to use an external persistent memory service. Do not store secrets, regulated data, confidential customer content, or sensitive prompts unless you have verified the service’s retention, deletion, encryption, and cross-agent isolation controls. Use scoped disposable API keys for testing, separate agent IDs per project or trust boundary, and avoid running the test script where its output is captured in shared logs until the API-key printing is removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Intent-Code Divergence

Medium (92% confidence)
Finding
The script header says it tests only connectivity and basic operations, but it also performs a cross-agent search that enumerates memories across all agents. That mismatch is security-relevant because operators may run the script with broader privileges than intended, causing unnecessary exposure of other agents' data during what appears to be a benign connectivity test.

Vague Triggers

Medium (91% confidence)
Finding
The skill's frontmatter uses a very broad 'Use when' description covering generic memory configuration, storage/retrieval, sharing, troubleshooting, and framework integrations. That breadth can cause the agent to invoke this skill in routine memory-related situations without clear user intent, increasing the chance of unnecessary external data transmission to SynapseLayer or inappropriate reliance on this skill for sensitive persistence operations.

Missing User Warnings

Medium (94% confidence)
Finding
The skill advertises cross-agent memory sharing and search as a capability but does not present an explicit privacy warning, consent requirement, or boundary guidance in the invocation description. In an agent environment, this can lead to one user's or agent's data being surfaced to another context, creating confidentiality and data-minimization risks even if the backend applies encryption or redaction.

Missing User Warnings

Medium (89% confidence)
Finding
The API reference explicitly documents storing user memory content and returning security-related fields, but it does not warn users that potentially sensitive personal data may be transmitted to and retained by an external system. In a memory-oriented agent skill, this omission can cause developers to send preferences, personal details, or other sensitive context without informed consent, increasing privacy, compliance, and data-minimization risk.

Missing User Warnings

Medium (91% confidence)
Finding
The MCP/HTTP documentation shows free-form text being sent for processing without disclosing that arbitrary user input may be transmitted to a remote service for analysis. Because free-form text often contains credentials, personal data, or confidential business information, the lack of warning makes accidental over-sharing materially more likely in agent integrations.

Missing User Warnings

Medium (91% confidence)
Finding
The examples explicitly store and recall user preference data, which normalizes persistence of potentially sensitive behavioral information without any notice about consent, retention, minimization, or privacy boundaries. In an integrations guide, developers often copy-paste snippets directly, so omitting warnings increases the chance that real user data is persisted insecurely or unexpectedly.

Missing User Warnings

Medium (94% confidence)
Finding
The model handover section encourages sharing memories between models via a shared agent identifier, but does not warn that this can broaden access to stored data across systems, vendors, or trust boundaries. That omission can lead developers to expose sensitive memory contents to additional models or services without validating permissions, data classification, or cross-provider privacy implications.

Missing User Warnings

Medium (88% confidence)
Finding
The client transmits user-supplied memory content, tags, and project metadata to an external remote service, but the code provides no user-facing disclosure, consent step, or privacy guardrail. In an agent skill context, callers may pass sensitive prompts, credentials, personal data, or internal business information into `remember()` without realizing it will leave the local environment.

Missing User Warnings

Medium (90% confidence)
Finding
`process_text()` sends free-form text to an external service for analysis, which can expose highly sensitive unstructured data such as prompts, chat logs, documents, or incident details. Because there is no explicit privacy warning, consent mechanism, or sanitization step, users of the skill may unknowingly transmit confidential information off-box.

Missing User Warnings

Medium (98% confidence)
Finding
The script prints the first 20 characters of the API key to stdout, which leaks credential material into terminals, logs, CI output, shell history captures, or screen recordings. Even partial secret disclosure weakens secrecy, helps key identification/correlation, and can materially aid an attacker if prefixes are meaningful or reused in debugging and support workflows.

VirusTotal

55/55 vendors flagged this skill as clean.
