Real Memory Continuity

Security checks across malware telemetry and agentic risk

Overview

This is a local memory/reflection helper that openly stores and resurfaces notes; it is privacy-sensitive but not hidden, networked, credential-seeking, or destructive.

Install only if you want local cross-session memory. Do not run reflection on sensitive transcripts you do not want retained, review the memory directory periodically, and enable heartbeat integration only when automatic post-session reflection is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation clearly indicates access to environment variables and persistent file writes via exported configuration and on-disk memory/reflection files, yet it declares no permissions. This creates a transparency and policy-enforcement gap: operators may authorize or install the skill without realizing it can persist user-derived data locally and consume environment-driven behavior.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The documented behavior goes beyond the stated purpose by introducing broader local state management and interactive flows not reflected in the high-level description. That mismatch undermines informed consent and review, because users may think they are enabling passive reflection while the skill also manages persistent identity/question state and other local operations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill advertises cross-session memory integration and follow-up question surfacing without clearly warning that user conversation details may be retained over time. In practice, this can lead to collection and reuse of sensitive personal, project, or relationship information without meaningful notice or consent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The file structure explicitly includes persistent storage for identity, questions, relationship memories, and reflections, but it does not warn that these files may contain highly sensitive inferred data. Writing such data to disk increases exposure through local compromise, backups, multi-user systems, or accidental disclosure.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill persists session-derived questions, identity notes, and reflection logs to local files without any explicit consent, warning, retention policy, or sensitivity filtering. In a continuity/memory skill, this context makes the issue more dangerous because users are likely to share personal, sensitive, or confidential conversation content that can accumulate on disk and later be exposed to other local users, backups, or unrelated tooling.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill is designed to persist and later resurface user/session information in natural language, but it lacks clear minimization rules, consent boundaries, or restrictions on sensitive categories. Because the skill context is explicitly about long-term memory and relationship/identity development, the risk is amplified rather than reduced: sensitive inferences are a core output, not an incidental byproduct.

Ssd 3

Medium
Confidence
97% confidence
Finding
The heartbeat integration directs automatic post-session reflection after idle time, which means conversation contents may be retained and transformed into structured memories without a fresh user action. Automatic background processing of prior conversations is dangerous because it reduces user awareness and can capture sensitive material that would not have been intentionally saved.

Ssd 3

Medium
Confidence
98% confidence
Finding
The example reflection output demonstrates storage of named personal/project details, commitments, relationship inferences, and strategic questions for future resurfacing. This is especially risky because it normalizes retention of inferred interpersonal state and project-sensitive details, which could expose private information, manipulate future interactions, or create profiling records if the storage is accessed by others.

VirusTotal

66/66 vendors flagged this skill as clean.
