Security audit

Deep Token Saver

Security checks across malware telemetry and agentic risk

Overview

This token-saving skill is not malicious, but it gives the agent guidance around persistent memory mutation and local authenticated maintenance commands without enough user control details.

Install only if you intentionally want the agent to help manage persistent memory, not just shorten replies. Back up memory stores first, require explicit approval before consolidation or deletion, verify the referenced Remnic and Python helper components yourself, keep the bearer token private, and confirm how to stop the startup task.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The skill documentation includes commands that interact with a local service over bearer-token-protected endpoints and runs local maintenance actions unrelated to simple token-saving behavior. Even though the file is documentation, embedding operational commands in a skill can nudge an agent or user to execute privileged actions, expanding the skill's effective capability and increasing the risk of unauthorized memory modification or local environment interaction.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.