Knowledge Engine

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local knowledge-management skill, but users should review it before installing: it can permanently delete its own stored knowledge, and its generated visualization contradicts the stated no-network claim by loading D3 from the web.

Install only if you are comfortable with a local memory skill that can mutate and delete its own stored knowledge. Run prune with --dry-run first and keep backups of the memory directory before any real prune, and treat the no-network claim as false for the visualization, which fetches D3 from the internet when opened.
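One way to verify a "no network" claim like the one above is to parse the emitted visualization HTML and list every resource it would fetch off-host. The following is an added example, not code from the skill or from the scanner; the sample page and its D3 URL are constructed for illustration, since the skill's actual output layout is not shown here.

```python
"""Check a generated visualization page for remote resource loads.

Added example, not code from the skill or its scanner. It lists every script,
stylesheet, image or frame whose URL points off-host, plus any http(s) URL
inside inline scripts (fetch/import targets).
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attributes through which a browser fetches remote content.
REMOTE_ATTRS = {
    "script": ("src",),
    "link": ("href",),
    "img": ("src",),
    "iframe": ("src",),
    "source": ("src",),
}
URL_RE = re.compile(r"https?://[^\s'\"()<>]+")


def is_remote(url):
    """True for absolute http(s) URLs and protocol-relative //host/path URLs."""
    parsed = urlparse(url.strip())
    if parsed.scheme in ("http", "https"):
        return True
    return parsed.scheme == "" and parsed.netloc != ""


class ExternalLoadFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.loads = []          # (where, url) pairs in document order
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for wanted in REMOTE_ATTRS.get(tag, ()):
            for name, value in attrs:
                if name == wanted and value and is_remote(value):
                    self.loads.append((tag, value.strip()))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Inline script bodies arrive here verbatim; catch fetch()/import() targets.
        if self._in_script:
            for url in URL_RE.findall(data):
                self.loads.append(("inline-script", url))


def external_loads(html):
    """Return every remote load found in the page, in document order."""
    finder = ExternalLoadFinder()
    finder.feed(html)
    finder.close()
    return finder.loads


def is_offline(html):
    """The no-network claim holds only if the page pulls nothing remote."""
    return not external_loads(html)


# Constructed sample of what a "no network" visualization might emit; the D3 URL
# is illustrative and assumed, not taken from the skill.
SAMPLE_PAGE = """<!doctype html>
<html><head><meta charset="utf-8">
<link rel="stylesheet" href="viz.css">
<script src="https://d3js.org/d3.v7.min.js"></script>
</head><body>
<svg id="graph"></svg>
<script id="data" type="application/json">{"nodes": [], "links": []}</script>
<script>
const graph = JSON.parse(document.getElementById("data").textContent);
d3.select("#graph");
</script>
</body></html>"""


if __name__ == "__main__":
    for where, url in external_loads(SAMPLE_PAGE):
        print(f"{where}: {url}")
    print("offline:", is_offline(SAMPLE_PAGE))
```

Run it against the HTML the skill actually writes; a page that vendors D3 into a local file passes, a page with a CDN `<script src>` or a `fetch()` to a remote host does not.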

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium severity, 83% confidence

The skill persistently records usage activity and automatically changes confidence/status of stored concepts, which goes beyond the user-facing description of a knowledge engine. This is dangerous because it introduces hidden behavioral profiling and silent state mutation that can affect future outputs and user trust without clear consent or visibility.

Missing User Warnings

Medium severity, 89% confidence

The prune command permanently deletes database rows, link data, usage logs, and on-disk JSON files without confirmation, backup, or a safer soft-delete path. In an agent context, this is dangerous because a mistaken or induced invocation can irreversibly destroy user knowledge data and related audit history.
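The finding above and the install advice in the overview describe the same gap: prune has no dry run, no backup and no reversible path. The following is an added example of that safer pattern, not the skill's own code. It assumes an illustrative on-disk layout (a memory directory holding concepts/*.json files with a last_used epoch field); the real skill's layout is not shown on this page.

```python
"""Safe prune pattern for a local memory directory: dry run, snapshot, soft delete.

Added example; not the skill's own code. The layout memory/concepts/*.json with a
"last_used" epoch field is assumed for illustration.
"""
import json
import shutil
import tempfile
import time
from pathlib import Path

STALE_AFTER = 90 * 86400  # seconds a concept may go unused before prune selects it


def stale_concepts(memory_dir, now):
    """Select concept files whose last_used timestamp is older than STALE_AFTER."""
    stale = []
    for path in sorted(Path(memory_dir).glob("concepts/*.json")):
        last_used = json.loads(path.read_text()).get("last_used", 0)
        if now - last_used > STALE_AFTER:
            stale.append(path)
    return stale


def snapshot(memory_dir, backup_root, now):
    """Archive the whole memory directory before any destructive step."""
    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime(now))
    base = Path(backup_root) / f"memory-{stamp}"
    return Path(shutil.make_archive(str(base), "gztar", root_dir=str(memory_dir)))


def soft_prune(memory_dir, backup_root, now, dry_run=True):
    """Prune stale concepts only after a snapshot, and only by moving them to .trash.

    dry_run=True (the default) changes nothing on disk and just reports candidates.
    """
    memory_dir = Path(memory_dir)
    victims = stale_concepts(memory_dir, now)
    report = {"dry_run": dry_run, "removed": [p.name for p in victims],
              "snapshot": None, "trash": None}
    if dry_run or not victims:
        return report
    report["snapshot"] = str(snapshot(memory_dir, backup_root, now))
    trash = memory_dir / ".trash" / time.strftime("%Y%m%dT%H%M%SZ", time.gmtime(now))
    trash.mkdir(parents=True)
    manifest = []
    for path in victims:
        dest = trash / path.name
        shutil.move(str(path), str(dest))  # move, never unlink: stays reversible
        manifest.append({"original": str(path.relative_to(memory_dir)),
                         "trashed": str(dest.relative_to(memory_dir))})
    (trash / "manifest.json").write_text(json.dumps(manifest, indent=2))
    report["trash"] = str(trash)
    return report


def restore(memory_dir, trash_dir):
    """Undo a soft prune by moving every manifest entry back to its original path."""
    memory_dir = Path(memory_dir)
    manifest = json.loads((Path(trash_dir) / "manifest.json").read_text())
    for entry in manifest:
        shutil.move(str(memory_dir / entry["trashed"]), str(memory_dir / entry["original"]))
    return [entry["original"] for entry in manifest]


def demo():
    """Build a constructed memory directory, dry-run, prune for real, then restore."""
    now = 1_700_000_000
    root = Path(tempfile.mkdtemp())
    memory, backups = root / "memory", root / "backups"
    (memory / "concepts").mkdir(parents=True)
    backups.mkdir()
    # Constructed sample concepts: one used yesterday, one untouched for a year.
    (memory / "concepts" / "tls.json").write_text(json.dumps({"last_used": now - 86400}))
    (memory / "concepts" / "old.json").write_text(json.dumps({"last_used": now - 365 * 86400}))

    dry = soft_prune(memory, backups, now, dry_run=True)
    after_dry = sorted(p.name for p in (memory / "concepts").iterdir())
    real = soft_prune(memory, backups, now, dry_run=False)
    after_prune = sorted(p.name for p in (memory / "concepts").iterdir())
    restored = restore(memory, real["trash"])
    after_restore = sorted(p.name for p in (memory / "concepts").iterdir())
    shutil.rmtree(root)
    return {"dry": dry, "after_dry": after_dry, "real": real,
            "after_prune": after_prune, "restored": restored, "after_restore": after_restore}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The three properties the finding asks for are each one function: the dry run is the default so an induced invocation must opt in to destruction, the snapshot runs before the first move, and the manifest makes every prune reversible until the trash directory is itself cleared.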

VirusTotal

0 of 66 engines flagged this skill (66/66 clean). A clean VirusTotal result only means no engine matched known malware signatures; it does not detect the behavioural issues reported above (silent state mutation, unconfirmed deletion, remote script loading), so it should not be read as contradicting them.

View on VirusTotal