Back to skill

Security audit

Agentmemory Agents

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent, but it should be reviewed because it tells agents to make persistent host-agent configuration changes without enough scoping or user-control detail.

Review before installing. This skill is not malicious based on the artifact, but it can cause an agent to change your host coding-agent configuration to add agentmemory. Use it only when you intend to connect agentmemory, and prefer asking the agent to show the exact command, affected config path, and backup or rollback plan before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The skill description is broad enough to match generic questions about supported agents or installation scenarios, which can cause unintended invocation outside a narrowly scoped task. Because this skill recommends configuration-changing actions, over-broad triggering increases the chance an agent suggests or initiates host configuration changes when the user only asked for informational guidance.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The workflow explicitly directs running `agentmemory connect <agent>`, which modifies the host agent's configuration, but it does not warn that config files will be edited, identify which files may change, or require confirmation or backup. In a skill that may be auto-invoked by an agent, this makes unintended persistent configuration changes more likely and could alter tool availability or agent behavior without informed user consent.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.