Security audit

Memos Cli

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Memos CLI helper, with disclosed credential use and data-changing commands, though users should avoid the inconsistent `go run .` admin example.

Install only if you trust the external Go CLI source, consider pinning a version instead of using `@latest`, provide the least-privileged Memos API key needed, avoid storing secrets in committed files, confirm destructive or public-visibility changes, and use `memos-cli` rather than the `go run .` example.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium, 95% confidence
Finding
The skill explicitly tells agents to use the installed `memos-cli` binary and not `go run .`, yet the admin workflow contradicts that guidance by invoking `go run .`. In an agent setting, this can cause execution of arbitrary local repository code rather than the intended installed CLI, which is riskier because the repository contents may be modified, unreviewed, or attacker-controlled.

Missing User Warnings

Low, 91% confidence
Finding
The example normalizes use of `go run .` in a skill whose purpose is to steer agents toward a safer canonical binary. That inconsistency can bypass the safety boundary implied by using an installed tool and may lead agents to run repository code without recognizing that this is materially different from invoking the packaged CLI.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.