Clear-Mind Skill (龙虾大脑自动清理技能)

Security checks across malware telemetry and agentic risk

Overview

This memory-management skill appears purpose-aligned, but it can restructure or delete user memory with unclear approval and rollback safeguards.

Install only if you are comfortable with the agent modifying long-term memory files. Before using it, require a dry-run summary, a timestamped backup, explicit approval for deletions or migrations, and a simple restore procedure.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The activation criteria are broad enough that the skill may be invoked for routine or ambiguous situations such as generic 'memory cleanup' or periodic maintenance, even when no clear user-approved need exists. Because the skill performs restructuring, migration, and deletion of user data, underspecified triggers increase the chance of unnecessary modification or loss of important information.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill authorizes moving content, deleting redundant or outdated notes, and creating new files, but the safety warning and consent requirements are not enforced at each destructive step. In a memory-management context, this is dangerous because an agent could modify or remove user data based on imperfect classification, causing silent data loss or corruption of long-term memory structure.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal