Project Memory Ledger

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly what it discloses, a project ledger, but its Drive mode writes ledger contents to Google Workspace despite the local-only wording of the description, so review the data flow before installing.

Install only if you want a durable project memory ledger. Keep backend=local unless you intend Google Workspace writes, verify the config paths and the Drive folder and document IDs before running any command, and keep secrets and sensitive internal notes out of entries that could be synced to Drive.
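The three checks above (backend is local, Drive IDs are pinned, no secrets in entries headed for Drive) can be run as a pre-sync gate. The script below is an added example and is not the skill's own code; the config keys (backend, drive.folder_id, drive.doc_id), the Markdown ledger layout (one entry per "## " heading) and the sample inputs are assumptions made for illustration.

```python
import json
import re

# Added example, not the skill's own code. The config keys ("backend",
# "drive.folder_id", "drive.doc_id") and the ledger layout (one entry per
# "## " heading in a Markdown file) are assumptions about the skill's files.

# Illustrative secret shapes that must never be synced off-box. Not exhaustive.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "generic_credential": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|password|token)\b\s*[:=]\s*['\"]?[^\s'\"]{8,}"
    ),
}


def load_config(path):
    """Read the (assumed JSON) skill config from disk."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def audit_config(cfg, allow_drive=False):
    """Return config problems; an empty list means it is safe to proceed.

    A non-local backend is acceptable only with an explicit opt-in, and even
    then every Drive target ID must be pinned so the skill cannot silently
    create new Workspace resources.
    """
    issues = []
    backend = cfg.get("backend", "local")
    drive = cfg.get("drive") or {}
    if backend != "local":
        if not allow_drive:
            issues.append(
                f"backend={backend!r} writes ledger contents to Google Workspace; "
                "pass allow_drive=True only if that is intended"
            )
        for key in ("folder_id", "doc_id"):
            if not drive.get(key):
                issues.append(f"drive.{key} is unset; the skill would create a new Drive resource")
    elif drive:
        issues.append("backend=local but Drive IDs are configured; confirm no Drive write path is reachable")
    return issues


def find_secrets(text):
    """Names of the SECRET_PATTERNS that match anywhere in text, sorted for stable output."""
    return sorted(name for name, rx in SECRET_PATTERNS.items() if rx.search(text))


def split_entries(ledger_md):
    """Split a Markdown ledger into entries, one per '## ' heading (assumed layout)."""
    entries, current = [], None
    for line in ledger_md.splitlines():
        if line.startswith("## "):
            if current is not None:
                entries.append("\n".join(current))
            current = [line]
        elif current is not None:
            current.append(line)
    if current is not None:
        entries.append("\n".join(current))
    return entries


def gate_sync(cfg, ledger_md, allow_drive=False):
    """Decide whether a sync may run.

    Local-only operation is never blocked. A remote backend is blocked on any
    config issue or on any entry with secret-looking content; this is the
    confirmation step the skill itself does not perform before writing to Drive.
    """
    config_issues = audit_config(cfg, allow_drive)
    tainted = []
    for index, entry in enumerate(split_entries(ledger_md)):
        hits = find_secrets(entry)
        if hits:
            tainted.append((index, hits))
    remote = cfg.get("backend", "local") != "local"
    return {
        "remote": remote,
        "blocked": remote and bool(config_issues or tainted),
        "config_issues": config_issues,
        "tainted_entries": tainted,
    }


# Constructed sample inputs; the Drive IDs are placeholders, not real resources.
SAMPLE_CONFIG_LOCAL = {"backend": "local"}
SAMPLE_CONFIG_DRIVE = {"backend": "drive", "drive": {"folder_id": "placeholder-folder-id", "doc_id": ""}}
SAMPLE_LEDGER = """# Project Memory Ledger
## 2024-05-01 decision
Adopt the managed queue for the ingest service.
## 2024-05-02 evidence
Rotated the staging key; new id is AKIAABCDEFGHIJKLMNOP and works.
## 2024-05-03 note
Nothing sensitive here.
"""

if __name__ == "__main__":
    print(gate_sync(SAMPLE_CONFIG_LOCAL, SAMPLE_LEDGER))
    print(gate_sync(SAMPLE_CONFIG_DRIVE, SAMPLE_LEDGER))
```

Run it against the real config with `load_config(path)` before the first sync; with the sample inputs, the local config passes untouched while the Drive config is blocked twice over, once for the unpinned doc_id and once because the second ledger entry carries an AWS-style access key id. The gate is deliberately conservative: an entry that trips a pattern stays local until a human removes the secret, which is cheaper than recalling it from a third-party Drive.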

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3
Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill instructs execution of python and optional gws-based Drive operations, which imply file read/write, shell execution and network access, yet it declares no permissions. This creates a transparency and policy-enforcement gap: operators may authorize or review the skill as low-risk while it can modify local ledgers, scaffold directories and interact with external Drive resources.

Tp4
Severity: High
Category: MCP Tool Poisoning
Confidence: 85%
Finding: The skill description emphasizes a local Markdown ledger, but the body also describes broader behaviors: project registration, local scaffolding, PRD proposal generation, and optional Drive folder and document creation and append operations. The mismatch is dangerous because users and automated reviewers may underestimate the skill's operational reach, especially its external writes and project-structure side effects.

Missing User Warnings
Severity: Medium
Confidence: 86%
Finding: In Drive mode, project names, purposes and document contents are transmitted to Google Workspace without a prominent runtime disclosure or confirmation. Entries in a memory-ledger skill may contain sensitive internal decisions or evidence, so a silent remote sync can expose that data to third-party cloud storage.

VirusTotal

64/64 vendors reported this skill as clean.
