Security audit

sense-memory

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Nostr-backed memory skill; it carries real privacy risk, but its sensitive behavior matches its stated purpose.

Install only if you want the agent to keep durable memory outside the local machine. Use a dedicated Nostr identity, protect the passphrase or nsec, choose a relay you trust, avoid secrets or highly sensitive personal details, and remember that relay deletion may not be fully guaranteed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86%
Finding: The skill demonstrates access to environment variables and networked relay usage but does not declare corresponding permissions in metadata. This creates a transparency and policy-enforcement gap: a host may load the skill without realizing it can access secrets or external services, undermining sandboxing and informed consent.

Vague Triggers

Medium
Confidence: 84%
Finding: The activation guidance uses broad phrases like when the operator asks to 'remember things' or 'set up memory,' which can cause the skill to engage in many contexts without a precise consent boundary. That increases the chance the agent starts persisting data unexpectedly, including sensitive user information, based on ambiguous conversation cues.

Missing User Warnings

Medium
Confidence: 92%
Finding: The skill promotes storing memories on internet relays but does not present a clear up-front warning that user data, even if encrypted, is being sent to third-party infrastructure outside the local environment. Encryption reduces content exposure but does not eliminate metadata leakage, retention risk, relay compromise, or consent concerns around transmitting personal data to external systems.

Missing User Warnings

Medium
Confidence: 94%
Finding: The example sends memory and journal content to a remote Nostr relay, including potentially sensitive personal data, without any explicit warning that this leaves the local environment. Even if the library encrypts content, users may not understand the metadata and disclosure implications of transmitting private memories to a third-party relay.

Ssd 3

Medium
Confidence: 95%
Finding: The skill explicitly instructs long-term storage of user preferences, facts, and other personal details, then encourages recalling all remembered information on request. In context, this creates durable profiling and aggregation of sensitive user data across sessions, increasing privacy risk, misuse potential, and consequences of relay, key, or account compromise.

Ssd 3

Medium
Confidence: 96%
Finding: The journaling guidance encourages storing session summaries and behavioral observations about the user over time, which amounts to persistent profiling. Even if encrypted, this materially raises privacy and surveillance risks because it creates a cumulative dossier that may reveal patterns, habits, frustrations, travel, and other sensitive inferences.

Ssd 3

Medium
Confidence: 97%
Finding: The skill explicitly recommends accumulating insights about how the user thinks and their preferences over time, encouraging psychological and behavioral profiling rather than simple task memory. That context makes the persistence feature more dangerous because it expands from utility storage into long-term inference and personality modeling.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.