HMR Memory

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local persistent-memory integration. Its artifacts show no evidence of hidden network access, exfiltration, or destructive behavior; the remaining concerns are privacy-related, because whatever the agent writes to memory is retained across sessions and recalled later.

Install this only if you want your agent to keep long-term memories across sessions. Keep the HMR service bound to localhost, do not point HMR_BASE_URL at an untrusted remote server, and avoid saving secrets or third-party content into memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium severity, 96% confidence
Finding
The README claims that the skill only connects to 127.0.0.1, but the documented HMR_BASE_URL setting lets a user or packager point the skill at any host. The mismatch creates a false sense of safety: the same skill that is safe against a loopback service can be deployed against a remote endpoint, and if that endpoint is untrusted or Internet-reachable the stored memories can be exfiltrated, persisted without authorization, or recalled into the agent's context from a server the user does not control.
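One way to close the gap the finding describes is to enforce the README's claim in code rather than in prose. The guard below is an added example, not code from the HMR Memory skill or from SkillSpector: it reads HMR_BASE_URL (the variable name is from the page), parses it without any DNS lookup, and refuses to start unless the host is a numeric loopback address or the literal name localhost. The default URL, the HMR_ALLOW_REMOTE override, and the function names are assumptions made for this example.

```python
import ipaddress
import os
from urllib.parse import urlsplit

# Hypothetical default for this example; the page does not state a port.
DEFAULT_BASE_URL = "http://127.0.0.1:8080"

# Names accepted without resolution. Anything else that is not a numeric
# address is a DNS name that could resolve anywhere, so it is rejected.
LOOPBACK_NAMES = {"localhost"}


def is_loopback_url(url: str) -> bool:
    """True only for http(s) URLs whose host is a loopback IP or 'localhost'.

    No DNS lookup is performed: a name that merely *resolves* to 127.0.0.1
    today can be repointed later, so only literal loopback hosts pass.
    """
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 brackets
        return False
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname lowercases the host, strips IPv6 brackets, and drops any
    # user:pass@ prefix, so "http://localhost@evil.example/" yields evil.example.
    host = parts.hostname
    if not host:
        return False
    if host in LOOPBACK_NAMES:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # Not a valid numeric address (e.g. "127.1", "2130706433", a DNS name)
        return False


def resolve_base_url(env=None) -> str:
    """Return the HMR endpoint to use, refusing non-loopback targets.

    HMR_ALLOW_REMOTE=1 (hypothetical) is an explicit, visible opt-out so that a
    remote deployment is a deliberate choice rather than a silent config drift.
    """
    env = os.environ if env is None else env
    url = env.get("HMR_BASE_URL", DEFAULT_BASE_URL)
    if is_loopback_url(url) or env.get("HMR_ALLOW_REMOTE") == "1":
        return url
    raise RuntimeError(
        f"HMR_BASE_URL={url!r} is not a loopback address; refusing to send "
        "memories to a remote host. Set HMR_ALLOW_REMOTE=1 to override."
    )


if __name__ == "__main__":
    # Constructed sample settings, not real deployment values.
    for sample in (
        {"HMR_BASE_URL": "http://127.0.0.1:8080"},
        {"HMR_BASE_URL": "http://[::1]:8080/v1"},
        {"HMR_BASE_URL": "http://localhost@memory.example.com/"},
        {"HMR_BASE_URL": "http://10.0.0.5:8080"},
    ):
        try:
            print("ok     ", resolve_base_url(sample))
        except RuntimeError as exc:
            print("refused", exc)
```

The check runs before any request is made, so a packager who ships a remote HMR_BASE_URL gets a hard failure with the reason in the message instead of a skill that quietly starts shipping memories off-host. Rejecting "127.1" and decimal forms is deliberate: a strict parser is easier to reason about than one that tries to accept every spelling of loopback.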

VirusTotal

52/52 vendors flagged this skill as clean.
