Back to skill

Security audit

Agent Memory System New

Security checks across malware telemetry and agentic risk

Overview

This local memory skill is mostly purpose-aligned, but its installer can add recurring background jobs without clear opt-in and its scripts can move or replace local workspace files.

Install only if you want persistent local agent memory and scheduled background maintenance. Review the crontab changes first, run garbage collection with dry-run before enabling automation, and avoid storing sensitive personal or business data in the memory directory unless you are comfortable with future agents reading it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The installer adds recurring cron jobs that are not clearly called out by the skill description and does so automatically during installation. Persistent scheduled execution increases risk because future script changes, compromised script files, or unexpected job behavior will continue running without fresh user approval.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly instructs automated garbage collection, archiving, reflection record creation, and skill generation that modify files under the workspace, but it does not present a clear warning that user data will be moved and new files/directories will be created automatically. In an agent skill context, undocumented write/move behavior can surprise users, cause accidental data loss or confusion, and increase risk if paths or scripts are misconfigured.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script modifies the user's crontab without explicit warning or consent immediately before making a persistent system change. This is dangerous because users may not realize they have installed autonomous background execution, which can affect privacy, system behavior, and trust boundaries over time.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script recursively deletes an existing skill directory with `rm -rf` after only a minimal prompt, and the target path is derived from user-controlled input (`SKILL_NAME`) and a configurable workspace path. In a skill-management context where data is persistent and valuable, accidental or malformed input can cause irreversible loss of local data, especially if the computed path is broader than intended.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script automatically creates and modifies files in the user's workspace, including generating a daily reflection and appending health statistics to INDEX.md, without any explicit consent, dry-run mode, or interactive confirmation. In an agent skill context, unattended writes to long-term memory files can overwrite user expectations, pollute persistent state, and create integrity issues because the agent is operating on user data on a schedule.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.