S³ Memory Forensics

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only memory forensics guide whose sensitive commands are disclosed and aligned with its stated purpose, but they require strict authorization and careful handling.

Install this only for legitimate memory forensics or incident response. Before running commands, confirm you are authorized to inspect the target system, understand live-system impact, and store memory dumps and extracted artifacts securely because they may contain passwords, tokens, private activity, and business-sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The credential-extraction section goes beyond passive memory triage and includes hash dumping, LSA secrets, cached credentials, and Mimikatz-style extraction guidance. Even in a memory-forensics skill, these capabilities are dual-use and directly enable credential theft if used outside a tightly scoped forensic or IR context.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill provides actionable memory acquisition, root-level commands, process dumping, and credential-extraction steps without any safety framing about authorization, live-system impact, privacy, or legal sensitivity. This omission increases the risk that an agent will present invasive instructions in inappropriate contexts or against systems the user is not permitted to inspect.

VirusTotal

63/63 vendors flagged this skill as clean.
