
Security audit

Memory Hamster

Security checks across malware telemetry and agentic risk

Overview

Memory Hamster is a coherent local memory tool, but it warrants review: it creates durable memory, makes scheduled background changes to workspace files, and can change the instructions that future agent sessions follow, all without sufficient privacy and control boundaries.

Install only if you intentionally want long-lived local agent memory. Before enabling cron, review the exact workspace path the jobs will touch, run dry-runs where available, keep backups, and know how to remove the cron entries. Do not store secrets, credentials, raw private prompts, or full error dumps in memory files; review and prune retained notes regularly. Require manual review before promoting memories into SOUL.md, AGENTS.md, TOOLS.md, or generated skills, because those files become instructions for every later session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence: 86%
Finding
The README advertises automatic archiving and scheduled maintenance over memory data, but it does not clearly warn users that these scripts will modify, move, and retain their files over time. In a memory-management skill, this can lead to unintended persistence, silent data relocation, or loss of easy visibility into sensitive historical content if users enable the cron jobs without understanding the consequences.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill advertises automated GC and nightly reflection jobs that move files, create records, and update health statistics, but it does not clearly warn that these tasks mutate persistent workspace data. In an agent context, silent background file modification can lead to unintended data loss, overwrite of user content, or execution of persistent changes without informed consent.

Missing User Warnings

Low
Confidence: 88%
Finding
The skill extraction feature generates new `skills/<skill-name>/SKILL.md` files from learning records, but the documentation does not prominently disclose that running it will create new files in the workspace. That can surprise users, especially in repositories with strict review or build rules, and may allow unintended persistence of conversation-derived content.

Ssd 3

Medium
Confidence: 94%
Finding
The skill instructs the agent to persist user corrections, requests, and conversation-derived details into long-term learning files. In practice, those records may contain sensitive personal data, proprietary project details, credentials accidentally mentioned in chat, or private preferences that then persist across sessions and can later be surfaced or exfiltrated.

Ssd 3

Medium
Confidence: 95%
Finding
The templates explicitly encourage storing complete context, error text, inputs, parameters, environment details, and user needs in persistent markdown records. Those categories frequently contain API keys, stack traces with secrets, internal URLs, customer information, or sensitive workflow details, so the storage format itself is a data leakage risk.
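The overview's guidance (do not store secrets or full error dumps in memory files, prune retained notes, and require manual review before promotion into SOUL.md, AGENTS.md, TOOLS.md, or generated skills) and this finding about templates that capture error text and environment details come down to the same practical check: scan a record for credential material before it is retained, redact what is found, and refuse promotion into instruction files unless the scan is clean and a human has reviewed the record. The Python below is an added example written for this audit page; it is not code from Memory Hamster or from the SkillSpector scanner. The secret patterns, the `memory/learning/*.md` layout, the `<redacted:...>` marker, and the sample record are assumptions to be tuned to your own workspace.

```python
"""Pre-retention secret scan and promotion gate for agent memory records.

Added example for this audit page; not part of Memory Hamster or SkillSpector.
Assumed: memory records are markdown files under a workspace, and promotion
targets are SOUL.md, AGENTS.md, TOOLS.md or a generated SKILL.md.
"""
import re
import tempfile
from pathlib import Path

# Assumed, illustrative patterns for material that must never sit in a durable
# memory file. Each one captures the secret itself in the `secret` group so
# that redaction keeps the surrounding context (key name, "Bearer", ...).
SECRET_PATTERNS = {
    "env_assignment": re.compile(
        # FOO_KEY=..., export FOO_TOKEN=...; the value may not start with "<"
        # so an already-redacted marker is not matched a second time.
        r"^\s*(?:export\s+)?[A-Z][A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD)=(?P<secret>[^\s<]\S*)",
        re.M),
    "generic_api_key": re.compile(
        r"\b(?:api[_-]?key|token|secret|password)\b\s*[:=]\s*['\"]?(?P<secret>[A-Za-z0-9_\-./+=]{12,})",
        re.I),
    "aws_access_key_id": re.compile(r"\b(?P<secret>AKIA[0-9A-Z]{16})\b"),
    "bearer_token": re.compile(r"\bBearer\s+(?P<secret>[A-Za-z0-9._~+/=-]{20,})"),
    "private_key_block": re.compile(
        r"(?P<secret>-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----)"),
}

# Files whose content becomes instructions for every future session.
PROTECTED_TARGETS = {"SOUL.md", "AGENTS.md", "TOOLS.md", "SKILL.md"}

# Constructed learning record in the "store full context, error text and
# environment details" style; every credential in it is a dummy value.
SAMPLE_RECORD = """\
# Learning record: staging deploy failure (constructed example)

## Context
Deploy to staging failed. Shell environment at the time:
export PAYMENTS_SECRET_KEY=sk_test_EXAMPLEexampleEXAMPLE1234
Ops note: db password = p4ssw0rdExampleOnly
Old AWS key seen in history: AKIAIOSFODNN7EXAMPLE

## Error text
requests.exceptions.HTTPError: 401 for https://api.internal.example.com/v1/charge
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.Et9HFtf9R3GEMA0IICOTNd
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC (constructed, truncated)
-----END PRIVATE KEY-----

## User needs
User asked me to always retry deploys twice before reporting.
"""


def scan_text(text):
    """Return sorted (line_no, pattern_name) pairs. The secret value itself is
    never copied into the report, so the report can be logged safely."""
    hits = []
    for name, pat in SECRET_PATTERNS.items():
        for m in pat.finditer(text):
            hits.append((text.count("\n", 0, m.start("secret")) + 1, name))
    return sorted(hits)


def redact_text(text):
    """Replace each captured secret with <redacted:pattern_name>, keeping the
    surrounding context so the record still explains what happened."""
    out = text
    for name, pat in SECRET_PATTERNS.items():
        def mask(m, name=name):
            whole, base = m.group(0), m.start()
            return (whole[:m.start("secret") - base]
                    + f"<redacted:{name}>"
                    + whole[m.end("secret") - base:])
        out = pat.sub(mask, out)
    return out


def scan_workspace(root):
    """Scan every markdown file under root; returns {relative_path: hits}.
    Run before enabling the cron jobs and again as a periodic prune check."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*.md")):
        hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report


def promotion_allowed(record_text, target, reviewed=False):
    """Gate for promoting a memory into an instruction file or generated skill:
    refused while the record has secret hits; for protected targets it also
    needs an explicit human review flag, never an automated decision."""
    if scan_text(record_text):
        return False
    if Path(target).name in PROTECTED_TARGETS:
        return reviewed
    return True


def main():
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp)
        record = ws / "memory" / "learning" / "deploy-failure.md"  # assumed layout
        record.parent.mkdir(parents=True)
        record.write_text(SAMPLE_RECORD, encoding="utf-8")
        for rel, hits in scan_workspace(ws).items():
            print(f"{rel}: {len(hits)} secret hit(s)")
            for line_no, name in hits:
                print(f"  line {line_no}: {name}")
        cleaned = redact_text(SAMPLE_RECORD)
        print("raw record -> SOUL.md, reviewed:", promotion_allowed(SAMPLE_RECORD, "SOUL.md", True))
        print("redacted -> SOUL.md, unreviewed:", promotion_allowed(cleaned, "SOUL.md", False))
        print("redacted -> SOUL.md, reviewed:", promotion_allowed(cleaned, "SOUL.md", True))


if __name__ == "__main__":
    main()
```

Two design choices matter here. The report carries only line numbers and pattern names, never the matched value, so the scan output can itself be written to a log or a memory file without re-creating the leak. And the promotion gate returns `False` for SOUL.md, AGENTS.md, TOOLS.md and any SKILL.md unless the caller passes an explicit `reviewed=True`, so an automated nightly job cannot quietly turn a conversation-derived note into a standing instruction; wire the flag to a real human sign-off, not to another agent.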

Ssd 3

Medium
Confidence: 93%
Finding
The semantic search feature explicitly supports searching personal or user memory across sessions, which increases the likelihood that previously stored private information will be retrieved in unrelated future contexts. Cross-session resurfacing of natural-language memory is dangerous because it can reveal past user data to later prompts, agents, or outputs without the original user's intent.

VirusTotal

62/62 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.