Forgetting Curve

Security checks across malware telemetry and agentic risk

Overview

This is a small local Python memory-decay utility with some documentation inconsistencies but no evidence of unsafe behavior.

Reasonable to install if you need a simple local forgetting-curve helper. Treat the feature list cautiously: verify the exact APIs in forgetting_curve.py before relying on power-law or full SRS claims, because the documentation and roadmap do not fully agree.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The documentation advertises spaced-repetition scheduling and batch processing as available features, while the roadmap later states those capabilities are not yet implemented. This can mislead downstream agents or users into invoking nonexistent APIs or making unsafe assumptions about module behavior, causing integration failures and potentially breaking memory-related workflows.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The skill claims support for multiple decay models, but the roadmap indicates that multi-model support is still pending. This discrepancy creates a supply-chain trust issue in which consumers may rely on unsupported algorithmic behavior, leading to incorrect memory scoring or failed execution when integrated into larger systems.

VirusTotal

66/66 vendors flagged this skill as clean.
