Back to skill

Security audit

ontology

Security checks across malware telemetry and agentic risk

Overview

This is a transparent local knowledge-graph memory skill, with the main risk being that it intentionally persists user-supplied structured memory in the workspace.

Install this only if you want agents to keep a durable local knowledge graph. Avoid storing passwords, tokens, API keys, or raw secrets; use secret references only. Periodically inspect memory/ontology/graph.jsonl and schema.yaml because updates and deletes are represented through appended history and shared state may be read by other skills.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to read and write local workspace files under memory/ontology, create directories, and append to graph and schema files, but it does not declare any permissions or guardrails for those capabilities. In a composable memory skill, undeclared file-write access is risky because other skills may rely on this shared state, making silent persistence, data tampering, or cross-skill poisoning easier if invocation is triggered unexpectedly or with untrusted content.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes broad phrases like "remember", "what do I know about", entity CRUD, and cross-skill data access, which can match many ordinary user requests and cause the skill to activate in situations where persistent storage was not intended. Because this skill writes shared structured memory, accidental invocation can turn benign conversation into stored state, overwrite ontology relationships, or expose cross-skill context in ways the user did not expect.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.