Security audit

system memory inspector

Security checks across malware telemetry and agentic risk

Overview

The skill matches its memory-inspection purpose, but it persistently records system-wide process command lines that may contain secrets without adequate warning or safeguards.

Review before installing. Use only on Linux hosts where system-wide process inspection is authorized, and strongly consider removing or redacting the CMD field before scheduling it. Restrict /var/log/memory-inspector permissions, define cleanup/retention, and avoid sharing generated reports until command-line arguments have been checked for secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Low
Confidence: 95%
Finding
The documentation says collection is from /proc/<pid>/status and lists a limited set of fields, but the code also reads and persists each process command line from /proc/<pid>/cmdline. Command lines often contain secrets, tokens, file paths, customer data, or operational details, so the undocumented expansion of collection scope creates an avoidable confidentiality risk.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The script writes full process command lines for all eligible processes into persistent snapshot files and later uses that data in reporting. On Linux systems, process arguments frequently include API keys, database passwords, bearer tokens, internal hostnames, and sensitive filenames, so broad plaintext persistence materially increases exposure surface.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill description omits a clear warning that it persistently records metadata and command lines for all scanned processes into /var/log. Because this is a system-wide inspection skill, operators may deploy it broadly, and the lack of explicit disclosure makes inadvertent collection of sensitive operational data more dangerous in this context.

Ssd 3

Medium
Confidence: 97%
Finding
Persistently storing full process command lines in snapshots and trend/report inputs creates a straightforward sensitive-data disclosure channel. Even if the skill's purpose is memory leak detection, command-line contents are not necessary for core trend analysis and can expose secrets unrelated to the inspection task.

Ssd 3

Medium
Confidence: 96%
Finding
The report generator intentionally echoes stored command lines for flagged processes into a human-readable report, turning previously collected sensitive arguments into a natural-language exposure path. Reports are often shared with operators, ticket systems, or chat tools, which amplifies the risk of credential or environment leakage beyond the local host.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.