local-memory-skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local memory skill that stores selected notes on disk, with privacy considerations but no evidence of hidden, networked, destructive, or credential-stealing behavior.

Install this only if you want the agent to retain local notes across conversations. Periodically inspect the memory directory, remove stale or sensitive entries, and avoid storing secrets, credentials, private keys, or regulated personal information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger conditions are broad enough that the skill may activate automatically at conversation start or whenever the user mentions remembering something, causing reads or writes to persistent local storage without sufficiently explicit, per-event consent. In a memory skill, this increases the risk of collecting and retaining sensitive user data unintentionally across sessions, even without any network exfiltration.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill instructs the agent to proactively write important session content into local memory before context limits, but it does not require a clear user-facing warning or consent flow for persistent storage. This is dangerous because users may disclose personal, confidential, or regulated information during normal conversation without realizing it will be retained on disk across sessions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal