Semantic Vector Store
Security checks across malware telemetry and agentic risk
Overview
The skill matches its memory-search purpose, but it needs review because it persists user memory data and reloads local stored data using an unsafe serialization format.
Install only if you are comfortable with memory text, embeddings, and metadata being stored locally under the configured database path. Keep the SQLite, FAISS, and ID-map files in a trusted location, do not import or share database/index files from untrusted sources, and verify any future Pinecone or Weaviate backend documentation before enabling cloud storage.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.