Security audit

Memory Harness

Security checks across malware telemetry and agentic risk

Overview

This memory skill is mostly purpose-aligned, but it automatically handles persistent user/project context and logs raw user text without clear privacy controls.

Review before installing. This does not show malware, exfiltration, or destructive behavior, but it may recall, log, and persist sensitive conversation or project context automatically. Avoid using it with secrets, regulated data, personal data, or confidential work unless you can control logging, retention, writeback, and memory deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium (89% confidence)

Finding:
The logging section describes capture of session and recall metadata, and the broader TP4 context suggests user message text may also be logged, but the skill does not warn users about privacy implications or data retention. In a memory-oriented skill, this increases the risk of exposing sensitive conversational, project, and behavioral data through logs accessible to developers, operators, or downstream systems.

Missing User Warnings

Medium (92% confidence)

Finding:
The skill states that high-signal information is written back to memory, but it does not provide explicit notice, controls, or boundaries for persistent storage. This is dangerous because sensitive decisions, identifiers, or personal/project details may be retained beyond the immediate interaction and later surfaced in unrelated contexts or accessed by unauthorized parties.

Missing User Warnings

Medium (89% confidence)

Finding:
The skill explicitly describes writing high-signal conversation-derived information back to memory, but provides no user notice, consent boundary, retention rule, or restriction on sensitive content. In a memory harness that runs automatically, this creates a real privacy/security risk because users may unknowingly have personal, project-confidential, or security-relevant details persisted beyond the current session.

Missing User Warnings

Low (82% confidence)

Finding:
The structured logging design records session identifiers, intent, recall behavior, and execution-gate metadata without any privacy warning, minimization guidance, or retention controls. While the fields listed are mostly metadata, they can still reveal behavioral patterns, project linkage, and sensitive operational context, especially when correlated across sessions.

Missing User Warnings

Medium (91% confidence)

Finding:
The harness forwards raw user-provided text into a logging subprocess as the `message` field, which can cause sensitive prompts, secrets, personal data, or operational context to be persisted in logs without user awareness or minimization. In a memory/recall harness, inputs are especially likely to contain conversational history and extracted entities, so centralized logging increases privacy and data-retention risk even if there is no direct code-execution issue.

Missing User Warnings

Medium (89% confidence)

Finding:
The execution intent patterns are overly broad, including fragments such as `コードを` that can match many ordinary requests and route them into an implementation or execution path. In a memory harness that automatically influences recall and pre-execution gating, this can cause unintended code-edit behavior, incorrect retrieval of prior task state, or unsafe escalation toward file modification without sufficiently precise user intent.

VirusTotal

56/56 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.