Memory Secretary (记忆秘书)

Security checks across malware telemetry and agentic risk

Overview

This skill locally analyzes workspace memory notes and writes a local quality report, which fits its stated purpose but may summarize sensitive notes.

Install this only in workspaces where you are comfortable with local memory notes being scanned. Review generated files under memory/secretary and any share-report output before sharing them, and enable the optional cron-style daily check only if you want unattended recurring analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence: 88%
Finding
The skill persists generated analysis reports to disk in the workspace without clearly surfacing that behavior at the point of use. In a memory-management tool that processes potentially sensitive workspace content, silent persistence can create privacy and data-retention risks, especially if reports contain filenames, content-derived findings, or operational history.

VirusTotal

67/67 vendors flagged this skill as clean.