Back to skill

Security audit

Memora Kb

Security checks across malware telemetry and agentic risk

Overview

Memora is a coherent personal knowledge-base skill, but its privacy claims conflict with documented cloud LLM and embedding provider use.

Review this before installing if your knowledge base will contain private, regulated, or confidential documents. Prefer localhost-only KB_API_BASE and local embedding/LLM settings when possible, add API keys only for providers you trust, and inspect the external repository install script before running it. Treat web scraping as user-directed and only scrape sources you are allowed to collect.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill metadata declares only an environment requirement (`KB_API_BASE`), but the documentation clearly describes network-capable behavior including REST API access, web scraping, and calls to external LLM/embedding providers. Undeclared capabilities reduce transparency and can cause the agent framework or user to underestimate what the skill may access or transmit.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation guidance is very broad ('use when' covers generic knowledge management, document handling, semantic search, conversations, visualization, and workflow integration), which increases the chance the skill is invoked in contexts where users do not expect document ingestion, web scraping, or third-party model use. Over-broad routing can expose sensitive data to a more capable skill than necessary.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README advertises built-in web scraping but provides no warning about target-site permissions, robots/terms compliance, or the possibility of collecting sensitive or copyrighted content. In an agent setting, this can lead users to trigger automated retrieval from sites without understanding privacy and legal constraints.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README lists external providers such as DashScope, DeepSeek, and OpenAI-compatible services, but does not clearly warn that uploaded documents, queries, and chat content may be transmitted to third parties when those integrations are enabled. For a personal knowledge base, this omission is significant because users may assume data remains local and private.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.