
Security audit

Memory Hierarchy

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local memory skill, but it automatically persists personal, project, and external-system context without clear consent, retention, or deletion controls.

Install only if you want the agent to keep persistent local notes about you, your work, and pointers to external systems. Set MEMORY_WORKSPACE to a directory you control, avoid storing secrets or regulated/confidential data, and periodically review or delete the memory files because the skill does not define consent, expiry, or deletion safeguards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs persistent storage of user preferences, identity, feedback, and project context, but it does not tell users that this information will be written to disk and retained over time. This creates a privacy and consent gap: sensitive personal or organizational context may be stored unexpectedly and later exposed to other agents, operators, or repository users.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill tells the agent to store references to external systems such as Linear, Slack, and Grafana, but gives no warning that these references may be persisted. Even if only pointers are stored, they can reveal internal tooling, project names, system locations, and operational context that increase organizational exposure if memory files are shared or accessed by unauthorized parties.

Ssd 3

Medium
Confidence: 96%
Finding
The skill broadly directs the agent to retain user identity, preferences, goals, project context, and external-system references as long-term memory. This is dangerous because it encourages collection and persistence of potentially sensitive personal and organizational data beyond the immediate session, increasing the risk of unintended disclosure, over-retention, and secondary use without user awareness.

Ssd 3

Medium
Confidence: 94%
Finding
The read/write workflow instructs the agent to read all memory files, classify them, and maintain dated long-term records, which promotes comprehensive aggregation and retention of user data. Centralized accumulation of historical memory increases blast radius: a single disclosure, sync, or repository leak can expose a broad cross-section of user preferences, identity details, project history, and system references.

VirusTotal

52/52 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.