Back to skill

Security audit

Hippocortex

Security checks across malware telemetry and agentic risk

Overview

This is a real memory integration, but it automatically sends and stores conversation content with broad triggers and limited user control.

Install only if you intentionally want Hippocortex to receive and persist conversation-derived data. Prefer environment variables over a plaintext workspace config file, confirm the base URL, avoid storing secrets or regulated information, and look for provider controls to review and delete memories before using it for private work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list includes very broad terms like "memory," "remember," and "recall," which are likely to appear in ordinary conversations and can cause the skill to activate unintentionally. In this skill's context, accidental activation is more dangerous because activation leads to querying an external memory service and can cascade into persistent capture of user content.

Missing User Warnings

High
Confidence
98% confidence
Finding
The description advertises persistent memory but does not clearly warn that user messages and extracted facts may be transmitted to a third-party service and stored across sessions. In a memory skill, this omission is especially risky because users may reveal sensitive information without understanding the external retention and sharing model.

Missing User Warnings

High
Confidence
99% confidence
Finding
The automatic capture workflow instructs the agent to store conversations and semantic facts after important exchanges, but provides no requirement to notify the user or obtain consent before persistent storage. Because the stored payload includes full user messages plus extracted memories, this creates a significant privacy and compliance risk.

Natural-Language Policy Violations

Low
Confidence
80% confidence
Finding
The guidance explicitly encourages saving a user's language preference as memory without stating that this preference should only be stored with consent. While lower impact than raw conversation capture, preferences can still be personal profile data and should not be retained by default.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide explicitly instructs users to place an API key in `.hippocortex.json` under a workspace path, which stores the credential in plaintext without any warning about file permissions, accidental commit risk, or safer secret-handling alternatives. In an agent/workspace context, plaintext secrets are more exposed to other tools, plugins, backups, and source control mistakes, making credential leakage a realistic risk.

Ssd 3

Medium
Confidence
97% confidence
Finding
The mandatory instructions direct persistence of full conversational content and extracted personal facts across interactions, creating a durable data retention surface that can later leak through retrieval, compromise, or misuse. The danger is amplified here because persistence is framed as mandatory on important exchanges, not exceptional or minimized.

Ssd 3

Medium
Confidence
95% confidence
Finding
The memory-writing guidance encourages systematic recording of personal facts, corrections, preferences, project details, and procedures without clear boundaries for sensitive or regulated information. This broad collection model increases the chance of over-retention, profiling, and later disclosure of private user data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.