Neural Memory Enhanced

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local memory skill, but it asks agents to persist and automatically reuse conversation context without enough consent, scoping, or retention controls.

Install only if you intentionally want persistent agent memory. Verify the intended package source before installing, keep separate brains for different projects or users, avoid storing secrets or regulated personal data, and instruct the agent to ask before saving or auto-processing conversation content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs proactive use in broad, ordinary contexts such as starting any new task and remembering facts, decisions, errors, or context across sessions. That broad trigger surface can cause the agent to invoke persistent memory without clear user intent or necessity, increasing the chance of over-collection and later resurfacing of sensitive conversational data.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The description promotes persistent recall across sessions but does not prominently warn that conversation-derived information may be stored locally and reused later. Users and operators may therefore misunderstand the retention behavior, leading to inadvertent storage of private or sensitive data without informed consent.

Ssd 3

Medium

Confidence: 94% confidence
Finding: The workflow encourages retaining and reusing facts, decisions, errors, preferences, and recent context across sessions in natural language. In an agent environment, this creates a realistic data retention and leakage risk because sensitive details shared in one session can later be recalled in another context, potentially to the wrong user, task, or project.

Ssd 3

Medium

Confidence: 96% confidence
Finding: The skill directs automatic processing of important conversation segments to extract facts, decisions, errors, and TODOs without requiring explicit user review. Automatic capture materially increases risk because sensitive content, credentials, internal plans, or personal data can be ingested and later resurfaced or transferred, especially given the skill's persistent cross-session design.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal