Install Powermem Memory Minimal

Security checks across malware telemetry and agentic risk

Overview

This is a coherent PowerMem installation guide, but it recommends running an unpinned remote shell installer with automatic approval.

Before installing, download and inspect the GitHub install script, prefer a pinned release or verified checksum if available, and avoid storing sensitive information in long-term memory unless you know how to inspect, disable, or delete it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill explicitly recommends piping a remotely fetched script directly into bash without any integrity verification, review step, pinning, or safety warning. If the upstream repository, network path, or referenced branch is compromised, users could execute arbitrary code on their machine immediately, making this materially dangerous in an installation context.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal