
Security audit

Human Like Memory

Security checks across malware telemetry and agentic risk

Overview

This is a real local memory skill, but it can automatically store and later reuse personal conversation details with weak consent and retention boundaries.

Review carefully before installing. Use it only if you are comfortable with local, searchable memories being created from conversations and later injected into prompts. Turn off automatic remembering where possible, avoid storing secrets, credentials, health, financial, exact location, or confidential work data, and review/delete the memory files regularly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93%
Finding
The skill declares itself as a local memory-management component, but the documented behavior includes automatic dependency installation and references to publishing/login workflows that go beyond the stated purpose. This creates a trust-boundary problem: users may install what appears to be a passive context tool while actually triggering package installation and model downloads, increasing supply-chain and arbitrary code-execution risk if dependencies or scripts are compromised.

Ssd 3

Medium
Confidence
90%
Finding
The README describes automatic capture of 'important information' including preferences, decisions, and contact information from normal conversation, which creates a real privacy and data-minimization risk. In an agent memory skill, automatically persisting sensitive user data without explicit, granular consent can lead to over-collection, retention of personal data, and later unintended disclosure through retrieval or export features.

Ssd 3

Medium
Confidence
88%
Finding
The '/remember this' command is broad and ambiguous because it can encode 'important information' from the current conversation rather than a clearly scoped user-provided item. That increases the chance of sweeping in nearby sensitive content, third-party data, or transient secrets that the user did not intend to persist long-term.

Ssd 3

Medium
Confidence
93%
Finding
Bulk export of all memories as JSON materially increases the blast radius of any misuse because it enables one-step disclosure of the full accumulated memory store in plain form. In the context of a system designed to retain user preferences, schedules, and contact details, export becomes a powerful exfiltration mechanism if triggered by an unauthorized actor or exposed through another prompt/command path.
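The overview's advice (turn off automatic remembering, keep secrets and personal data out of the store, review and delete memory files) and the three memory-capture and export findings above describe one control point: the moment a memory is written, and the moment the store is read back or exported. The script below is an added example for this audit page, not code from the Human Like Memory skill. It assumes a memory store that is a JSON list of records with "id", "text" and "source" fields (with "source" being "auto" for automatic capture or the explicit command that created the record); every pattern name, regex, keyword and function name in it is an illustrative assumption, not something the skill defines.

```python
"""Pre-persist gate, store audit and redacting export for a local JSON memory store.

Added for this audit page; this is not code from the Human Like Memory skill.
Assumptions (not taken from the page): the store is a JSON list of records with
"id", "text" and "source" fields, where source is "auto" for automatic capture
or the explicit command that created the record; every pattern name, regex and
keyword below is an illustrative choice.
"""
import json
import re
from typing import List, Set, Tuple

# Constructed sample store (assumed format), used to exercise the functions.
SAMPLE_STORE = [
    {"id": 1, "source": "auto", "text": "User prefers concise answers and dark mode."},
    {"id": 2, "source": "auto", "text": "Deploy token is ghp_abcdefghijklmnopqrstuvwxyz0123456789"},
    {"id": 3, "source": "/remember this", "text": "Call Dana at +1 415 555 0199 about the Q3 contract."},
    {"id": 4, "source": "auto", "text": "User decided to migrate the service to Go next quarter."},
    {"id": 5, "source": "auto", "text": "AWS key AKIAIOSFODNN7EXAMPLE was pasted for debugging."},
]

# Credential material: never persisted, always redacted on export.
SECRET_PATTERNS = {
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "password_assignment": re.compile(r"(?i)\b(?:password|passwd|secret|token)\s*[:=]\s*\S+"),
}
# Personal data: stored only when the user explicitly asked, redacted on export.
PII_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "phone": re.compile(r"\+?\d{1,3}[\s.-]?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}\b"),
}
# Categories the overview says to keep out of memory entirely (health, finance, location).
SENSITIVE_KEYWORDS = ("diagnos", "prescription", "salary", "bank account", "home address")


def classify(text: str) -> Set[str]:
    """Return the sensitivity labels found in a candidate or stored memory."""
    labels = set()
    for name, rx in SECRET_PATTERNS.items():
        if rx.search(text):
            labels.add("secret:" + name)
    for name, rx in PII_PATTERNS.items():
        if rx.search(text):
            labels.add("pii:" + name)
    lowered = text.lower()
    for kw in SENSITIVE_KEYWORDS:
        if kw in lowered:
            labels.add("sensitive:" + kw)
    return labels


def should_persist(text: str, source: str, allow_auto: bool = False) -> Tuple[bool, str]:
    """Gate to run before a memory is written to disk.

    Credentials are never stored. Automatic capture is off by default, and even
    when enabled it may not persist personal or sensitive content; that needs an
    explicit user command such as "/remember this".
    """
    labels = classify(text)
    if any(label.startswith("secret:") for label in labels):
        return False, "refused: credential material (" + ", ".join(sorted(labels)) + ")"
    if source == "auto":
        if not allow_auto:
            return False, "refused: automatic remembering is disabled"
        if labels:
            return False, "refused: personal data needs an explicit command (" + ", ".join(sorted(labels)) + ")"
    return True, "stored"


def audit_store(store: List[dict]) -> List[dict]:
    """List records the user should review or delete, e.g. before any export."""
    report = []
    for rec in store:
        labels = classify(rec["text"])
        if labels:
            report.append({"id": rec["id"], "source": rec["source"], "labels": sorted(labels)})
    return report


def redact(text: str) -> str:
    """Replace credential and personal-data matches with placeholders."""
    for name, rx in SECRET_PATTERNS.items():
        text = rx.sub("[REDACTED:%s]" % name, text)
    for name, rx in PII_PATTERNS.items():
        text = rx.sub("[REDACTED:%s]" % name, text)
    return text


def export_store(store: List[dict], confirmed: bool = False) -> str:
    """Bulk export as JSON. Refuses unless a human explicitly confirmed the export
    (the agent must not be able to set this flag from a prompt) and never emits
    raw secrets or personal data, so the export path stops being a one-step dump."""
    if not confirmed:
        raise PermissionError("bulk export requires explicit user confirmation")
    scrubbed = [{**rec, "text": redact(rec["text"])} for rec in store]
    return json.dumps(scrubbed, indent=2)


if __name__ == "__main__":
    for rec in SAMPLE_STORE:
        print(rec["id"], should_persist(rec["text"], rec["source"], allow_auto=True))
    print(json.dumps(audit_store(SAMPLE_STORE), indent=2))
    print(export_store(SAMPLE_STORE, confirmed=True))
```

Run against the constructed store, the gate refuses records 2 and 5 outright (credential material), refuses the phone number in record 3 when it arrives through automatic capture but accepts it from an explicit "/remember this", and the audit lists records 2, 3 and 5 for review. The regexes are deliberately narrow so that a preference like record 1 is not blocked; a real deployment would tune the pattern set, and should wire `confirmed=True` to a local, human-only action rather than to anything the agent can invoke from a prompt.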

VirusTotal

0/64 vendors flagged this skill; all 64 engines reported it clean. Note that an antivirus verdict covers malicious code signatures only, so it does not address the consent, retention and export risks in the findings above, which stem from the skill's intended behaviour rather than from malware.
