Security audit

Agent Memory Optimizer

Security checks across malware telemetry and agentic risk

Overview

This is a local housekeeping skill that archives old memory notes and does not show hidden networking, credential use, or automatic execution.

Run the dry-run command first and confirm the memory directory and proposed moves. Back up important notes or check the archive folders before a real run, because an existing archived file with the same name can be replaced.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 91% confidence
Finding: This is a markdown file, so SQP-2 applies to missing user warnings in documentation. The README shows a destructive-by-default invocation and mentions file moves/archive behavior, but it does not clearly caution users that the non-dry-run command will modify filesystem state by relocating memory files.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal