Memory Structure

Security checks across malware telemetry and agentic risk

Overview

This is a local memory-template skill that discloses persistent self-reflection files and does not include code execution, credentials, or external data sharing.

Install this only if you want a persistent local memory system for an agent. Use a dedicated directory, review entries periodically, avoid storing secrets or sensitive personal data, and enable recurring heartbeat checks only when you are comfortable with automatic local memory updates.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The automatic trigger conditions are broad and subjective, such as running after every 'important task' or daily self-reflection, which can cause the skill to invoke itself without clear user intent. In this skill, that behavior is more dangerous because invocation leads to updates across persistent memory files, creating a risk of unintended state changes and silent accumulation of agent-authored content.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The workflow explicitly instructs writing to several persistent files (`heartbeat-state.md`, `memory.md`, `corrections.md`, and `index.md`) but does not require notifying the user or obtaining consent. In a memory-management skill, hidden or automatic persistence is security-relevant because it can silently alter long-lived state, store sensitive or incorrect data, and make later agent behavior harder to audit.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal