mempalace

Security checks across malware telemetry and agentic risk

Overview

This local memory skill matches its stated purpose, but it needs Review because it automatically persists and reuses conversation history without clear consent, redaction, or retention limits.

Install only if you intentionally want a local long-term memory system for conversations. Before using it, verify where data is stored, how to disable automatic diary writes, how to review and delete saved memories, and avoid using it with credentials, regulated personal data, or confidential business content unless you have confirmed appropriate controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 96%
Finding:
The skill explicitly instructs the agent to write a diary entry after each session, creating persistent storage of conversation content by default without any opt-in, warning, or sensitivity check. Even though storage is local, automatic retention of user conversations can capture sensitive personal, financial, health, or credential-adjacent data and creates privacy and compliance risk.

Ssd 3

Medium
Confidence: 97%
Finding:
Requiring the agent to record what happened, what it learned, and what matters after every session establishes default persistent surveillance of user interactions. This broad retention directive lacks data minimization, consent, and exclusion rules, so sensitive information may be stored indefinitely and later surfaced unexpectedly.

Ssd 3

Medium
Confidence: 90%
Finding:
The skill is built around storing verbatim conversation history and instructs the agent to consult that memory before answering about people or past events. In context this is core product functionality, but it still creates a real privacy risk because verbatim history can contain sensitive user data, and mandatory retrieval increases the chance of broad processing and resurfacing of old information without fresh user consent.

Ssd 3

Medium
Confidence: 95%
Finding:
The write API encourages storing verbatim content directly into persistent memory without any mention of redaction, classification, or consent checks. This increases the chance that secrets, personal data, or regulated information are saved permanently and later exposed through search or downstream tool access.

VirusTotal

65/65 vendors reported this skill as clean.