Skill Memory

Security checks across malware telemetry and agentic risk

Overview

This skill is a local memory helper, but it automatically saves task details and can steer future skill choices without clear opt-in or cleanup controls.

Install only if you intentionally want a self-updating skill-routing memory. Review references/memory.json periodically, avoid storing secrets or private task details in scenarios or parameters, and use a dedicated browser/profile when applying the Chrome CDP screenshot preset.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence: 88%
Finding: The skill advertises very broad activation conditions such as selecting skills, recording new usage, updating parameters, and looking up presets, which can cause it to trigger for many unrelated tasks. In context, this is risky because the skill also performs persistent state changes, so over-broad invocation increases the chance of unintended writes and routing decisions being applied without user awareness.

Missing User Warnings

Medium
Confidence: 95%
Finding: The skill explicitly instructs automatic recording and updating of a workspace memory file, but provides no notice, consent flow, retention policy, or sensitivity filtering. This creates a real privacy and security risk because task types, scenarios, and parameters may contain user data that gets persistently stored in a predictable location.

Missing User Warnings

Medium
Confidence: 97%
Finding: The workflow says to always record new skill usage and always update memory when scenarios or parameters differ, making persistence mandatory rather than contextual. In this skill, that materially increases risk because scenario text and parameter JSON can easily include sensitive or identifying information that will be retained and reused.

Ssd 3

Medium
Confidence: 96%
Finding: The instruction to always record and update usage memory can capture sensitive task details, scenarios, and parameters in a persistent file, potentially including personal data, internal project names, URLs, tokens, or other confidential inputs. The danger is heightened here because the workflow normalizes automatic retention and gives examples of storing free-form scenario descriptions and parameter objects.

VirusTotal

64/64 vendors flagged this skill as clean.