Back to skill

Security audit

Agent Memory 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a local SQLite memory tool that does what it advertises, but users should treat its saved memories and exports as private data.

Install only if you want an agent to retain information across sessions. Avoid saving secrets, credentials, regulated data, or third-party personal details without consent; periodically review or delete the local database and handle exports as sensitive private files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly promotes persistent storage of agent and user-related memory across sessions, including preferences, lessons, entities, and exported data, but provides no privacy, consent, minimization, or sensitive-data handling guidance. In an agent skill, this is dangerous because operators may store personal, confidential, or regulated information by default, creating retention, disclosure, and compliance risks if the database is accessed, exported, or reused without safeguards.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly promotes persistent memory of facts, lessons, and entity data across sessions, but provides no notice about privacy, consent, retention, or handling of sensitive information. In an agent context, this can lead to silent collection and long-term storage of personal, confidential, or regulated data derived from user conversations.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The session-end protocol instructs agents to extract durable facts from conversations and store lessons and entity updates automatically, without any privacy gate or user approval step. This makes the risk more acute because it operationalizes silent persistence as a routine behavior, increasing the chance of retaining sensitive user data beyond the original interaction.

Missing User Warnings

Low
Confidence
90% confidence
Finding
Documenting a default on-disk database location confirms that memory is persisted locally across sessions, but the skill does not explain retention, access controls, or privacy implications. While the path itself is not inherently dangerous, the lack of disclosure and safeguards can cause users to underestimate that conversation-derived data will remain stored on disk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This module persistently stores user-related facts, lessons, and entities in a local SQLite database under the user's home directory by default, but it provides no notice, consent flow, retention disclosure, or privacy controls. In an agent context, this increases the risk of silently accumulating sensitive personal, behavioral, or organizational data across sessions, which can surprise users and create privacy and compliance issues.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The module exposes permanent deletion operations such as `forget` and bulk cleanup via `forget_stale` without any confirmation, soft-delete mechanism, backup, or recovery path. In an autonomous agent setting, an incorrect call, bad prompt interpretation, or malicious workflow chaining could irreversibly destroy stored memory and operational context, causing data loss and auditability problems.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.