Back to skill

Security audit

Session Memory

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate local memory tool, but it needs review because it stores plaintext memories and has script argument handling bugs that crafted inputs could abuse.

Install only if you are comfortable with agent memories being kept as local plaintext files. Do not store API keys, passwords, tokens, or sensitive raw data in this memory store; use vault references instead. Avoid letting untrusted prompts, imported backups, or external content choose script arguments until the input-interpolation issues are fixed, and treat exports/backups as sensitive files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The README promotes persistent storage, editing, deletion, export/import, and pruning of user memory data but does not warn users that data is written to a long-lived location under ~/.agent-memory or that deletion/pruning can permanently alter or remove stored context. In an agent-memory skill, this omission can lead to accidental storage of sensitive information and irreversible data loss because users may reasonably treat the feature as transient conversational context rather than durable local records.

Missing User Warnings

High
Confidence
99% confidence
Finding
The documentation explicitly recommends saving credential-related information in persistent local memory ('credential' with 'API key rotated...'). Even though it references a vault, normalizing credential storage in a searchable memory store can lead users or agents to persist secrets, which may later be exposed through recall, export, context loading, backups, or local filesystem compromise.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This script aggregates and prints recent memory entry contents from a persistent agent memory store, which may contain sensitive prompts, decisions, tokens, or user data. Because it outputs raw content directly to stdout in both human-readable and JSON modes without redaction, confirmation, or access controls, it can unintentionally expose stored secrets to terminal logs, calling tools, or downstream consumers.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.