zxyskill

Security checks across malware telemetry and agentic risk

Overview

This memory skill is not clearly malicious, but it asks the agent to automatically store user preferences and habits long term without clear consent, limits, or deletion controls.

Install only if you intentionally want persistent local memory. Before use, require confirmation before saving anything, avoid storing secrets or sensitive personal data, periodically inspect and delete MEMORY.md and memory/lessons files, and be cautious with the path-reading and URL-fetching behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The automatic trigger conditions are broad enough to activate on ordinary conversation such as casual preference statements, which can cause unintended data capture and workflow changes without clear user intent. In a long-term memory skill, this increases the chance of over-collection, false memory formation, and intrusive persistence of benign chat content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README promotes permanent storage of key information, preferences, and habits but provides no privacy notice, retention limit, or deletion policy. This is dangerous because users may have sensitive personal data stored indefinitely in local memory files without informed consent, minimization, or clear controls.

Vague Triggers

High
Confidence
94% confidence
Finding
The auto-trigger conditions are broad and loosely specified, so the skill may activate on ordinary conversation rather than explicit user intent. Because the skill then performs actions like reading provided paths/URLs and persisting data to memory files, unintended activation can lead to privacy issues, unwanted data retention, and surprising behavior.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger conditions reference prohibited-word and emergency-stop-word matches before those lists are concretely defined at trigger time, making activation boundaries ambiguous. Ambiguity in security-sensitive activation logic can cause both over-triggering and under-triggering, which is especially risky in a skill that modifies memory and intercepts operations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs automatic persistence of user preferences, habits, and failure details to long-term memory files without a clear user-facing disclosure or consent step. This creates a transparency and privacy problem because users may not realize their inputs are being stored beyond the current session.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill explicitly encourages persistent collection of mistakes, preferences, and habits into memory files, creating a durable profile of user behavior. In this context, the danger is not just storage itself but the absence of minimization, sensitivity filtering, consent, and lifecycle management, which can lead to privacy leakage or misuse of retained data.

Ssd 3

Medium
Confidence
97% confidence
Finding
The automatic triggers instruct the system to detect preference-like statements and persist them at collection time, without requiring contemporaneous consent. Because the skill is specifically designed for long-term memory, this materially increases privacy risk by converting routine chat into stored profile data that the user may not expect to be retained.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill mandates writing user preferences and habits into persistent memory files with no content minimization, sensitivity filtering, retention limit, or access control guidance. That can result in storage of secrets, personal data, or sensitive behavioral information that later prompts or tools may reuse or expose.

Ssd 3

Medium
Confidence
96% confidence
Finding
Auto-triggering on phrases like '记住/remember' and then immediately persisting content enables indiscriminate retention of user-provided text, including sensitive or accidental disclosures. In this skill, the danger is increased because persistence is presented as automatic rather than explicit and scoped.

VirusTotal

64/64 vendors flagged this skill as clean.
