Security audit

Memory Index Manager (记忆索引管理器)

Security checks across malware telemetry and agentic risk

Overview

This memory skill is understandable, but it needs review because it can automatically archive and reorganize conversation memory without clear opt-in or disable controls.

Install only if you want automatic long-term memory maintenance, not just manual recall. Before using it, confirm whether any scheduled job will be created, review the referenced daily flush behavior, and make sure you can disable it and delete indexed or archived memory entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The migration notes state recall is now 'purely on-demand', but the skill still defines background index maintenance and a scheduled daily flush that modify memory files without an explicit recall trigger. This inconsistency can mislead users and reviewers about when data is read or written, causing unintended persistence and silent background processing.

Missing User Warnings

Medium
Confidence: 94%
Finding
The daily flush workflow automatically creates, appends to, archives, and updates memory/index files on a schedule, but the skill does not present this as a clear user-facing consent boundary. Background modification of persistent memory increases privacy and integrity risk because data may be stored or reorganized even when the user did not explicitly request recall or retention.

VirusTotal

66/66 vendors flagged this skill as clean.