Ontology 1.0.4

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local knowledge-graph memory skill, with no evidence of hidden network access, credential theft, destructive behavior, or unrelated privilege use.

Install this only if you want persistent local agent memory in the workspace. Do not store secrets or highly sensitive personal data in the ontology graph, and review proposed memory writes when the agent is asked to remember or link facts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%

Finding: The skill explicitly reads and writes local workspace files under `memory/ontology/` and can create directories, but it does not declare permissions for those capabilities. Undeclared write access is dangerous because it weakens policy enforcement and user/operator understanding of what the skill may modify, especially for a shared-state memory skill that other skills may trust.

Vague Triggers

Severity: Medium
Confidence: 82%

Finding: The trigger phrases are very broad, including generic language like "remember," "what do I know about," and cross-skill shared state access, which could cause the ontology skill to activate in many unrelated contexts. Because this skill persists structured memory and supports writes, unintended activation can lead to accidental data creation, linkage, or corruption of shared agent state that other skills may later consume.

VirusTotal

55/55 vendors flagged this skill as clean.