Memory Tiering

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it organizes agent memory, but users should know it can summarize and prune remembered context.

Install this if you want automated memory cleanup. Before relying on it, consider asking the agent to preview or back up memory changes before pruning, and avoid keeping raw secrets in memory files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill is designed to reorganize and prune stored memory, but it does not require explicit user confirmation, backup creation, or a warning that stored data may be modified or lost. In a memory-management skill, this omission is dangerous because invoking the workflow could silently alter durable context, summaries, or archives in ways that are hard to reverse.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: These steps explicitly instruct the agent to remove details from COLD memory and prune context, yet they provide no safeguard against irreversible data loss or over-aggressive summarization. Because the skill operates on memory stores that may contain important historical decisions or references, a mistaken or broad invocation could destroy useful context and impair future operations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal