Chinese-Style Wisdom Memory Engine (中式智慧记忆引擎)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed personal memory skill, but it persistently builds sensitive emotional, relationship, promise, preference, and trust profiles without enough user controls.

Install only if you deliberately want a persistent personal profiling and memory system. Avoid storing secrets or highly sensitive personal details, review and clean ~/.mflow-memory-cn regularly, use a narrowly scoped LLM_API_KEY, and inspect the inherited mflow-memory setup before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (11)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The README explicitly states that user memory, promises, relationships, and inferred 'wisdom' data are stored persistently under a local directory, but it provides no privacy notice, consent flow, retention policy, or guidance on securing sensitive personal data. For a long-term memory skill that tracks preferences, emotions, and commitments, silent persistence increases the risk of collecting and retaining sensitive user information without informed consent or adequate protection.

Natural-Language Policy Violations

Severity: Medium
Confidence: 79%
Finding: The skill is framed as applying a fixed 'Chinese wisdom' model, including relationship scoring, promise tracking, emotional temperature, and timing judgments, without indicating that users can opt out of this cultural lens. In a memory and inference system, hard-coded cultural assumptions can bias profiling, interpretation, and downstream decisions about users, especially when the system claims to infer intent, obligations, and social context.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The skill is designed to store and actively use inferred emotions, values, concerns, relationship intimacy, trust profiles, and commitment history, but it does not present a clear, prominent warning or consent mechanism for this profiling. This is dangerous because it normalizes covert collection of highly sensitive inferences that users may not realize are being retained and reused.

Natural-Language Policy Violations

Severity: High
Confidence: 88%
Finding: The skill mandates a specific cultural and relational framing ('中国人的优秀基因', roughly 'the excellent genes of the Chinese people', plus a five-virtue model and a relationship hierarchy) as the default behavior without user choice. This is risky because it can impose unwanted normative assumptions, bias memory handling and responses, and intensify collection of sensitive social inferences based on culturally loaded heuristics.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The engine persists raw user memory content and associated attributes without any visible notice, consent flow, retention controls, or sensitivity checks in this entrypoint. In a long-term memory skill that tracks emotions, concerns, promises, and relationship state, silent persistence increases privacy risk because users may disclose sensitive personal information without realizing it is being stored and later reused.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The code persists highly sensitive content, including raw user memories, inferred emotions, values, concerns, and promise-related context, to plaintext JSONL files under the user's home directory without any consent flow, notice, access controls, retention policy, or minimization. In a long-term memory skill, this materially increases privacy risk because intimate profile data can be exposed to other local users, backups, malware, or later components that read the files without the user's informed awareness.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: This module persistently stores promise content, context, deadlines, explanations, and fulfillment notes under the user's home directory without any consent flow, disclosure, access controls, or retention limits. In a long-term memory skill, this is more dangerous because the stored data can reveal sensitive personal commitments, schedules, and relationship context, and any local user or process with access to those files may read or tamper with them.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: This code persistently stores sensitive user behavioral data, including preferences, experiences, and rejection patterns, in local JSONL files under the user's home directory without any visible consent, retention control, minimization, or protection mechanism. In a long-term memory skill, this increases privacy risk because intimate profiling data may accumulate silently and be exposed to other local users, backups, malware, or later unintended reuse.

Ssd 3

Severity: Medium
Confidence: 95%
Finding: These instructions direct the system to build persistent relationship tiers, intimacy scores, timing judgments, and emotional-state-based behavior adjustments beyond immediate task completion. Such long-term profiling increases privacy risk, enables manipulative or discriminatory treatment, and creates a sensitive dossier that could be misused or exposed.

Ssd 3

Severity: Medium
Confidence: 96%
Finding: The storage rules require broad retention of user decisions, reasons, commitments, preferences, and project history, which can accumulate into a detailed behavioral record far beyond immediate operational need. This increases the blast radius of any compromise and may expose sensitive life patterns, obligations, or personal priorities.

Ssd 3

Severity: Medium
Confidence: 97%
Finding: The examples explicitly encourage saving inferred emotions, values, and concerns derived from ordinary user statements. These are sensitive inferences rather than user-provided facts, so persisting them materially raises privacy leakage, misprofiling, and downstream manipulation risks if the inferences are wrong or later reused in other contexts.

VirusTotal

63/63 vendors flagged this skill as clean.
