Cognitive Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cognitive-memory framework, but users should treat its long-term memory and emotion features as privacy-sensitive.

Install only if you want an assistant framework that retains and reuses memories over time. Avoid storing sensitive personal details by default, define clear retention and deletion controls, sanitize learning logs before they are written to disk, and confirm that any implementation code and dependencies the README refers to but does not ship are present and reviewed before running it as a JavaScript package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium
Confidence: 92%
Finding
The README documents persistent memory storage, emotion perception, and recall of user-related content without any privacy notice, consent flow, data minimization guidance, or handling restrictions for sensitive personal data. In a skill centered on memory and emotional inference, this omission can lead developers to collect and retain highly sensitive user data insecurely or without appropriate legal and ethical safeguards.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly advertises remembering user preferences and history, but provides no notice about what data is stored, how long it is retained, or how users can control or delete it. In an agent setting, this creates a real privacy risk because personal data may be accumulated across interactions without informed consent or minimization controls.

Ssd 3

Medium
Confidence: 98%
Finding
The LearningLog example writes arbitrary error context directly into persistent markdown files using json.dumps(context, indent=2), which can capture secrets, prompts, personal data, tokens, or other sensitive runtime state in plain text. Because the logging is broad and unsanitized, any sensitive information present in context may be retained and later exposed to other users, tools, or attackers with filesystem access.

Ssd 3

Medium
Confidence: 95%
Finding
The skill's application scenario instructs the agent to remember user preferences and history without defining scope, sensitivity boundaries, or retention limits. This semantically encourages persistent cross-session storage of user data, which can lead to privacy violations, profiling, or unintended reuse of past interactions.
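The two findings above on the LearningLog and on unbounded memory retention, together with the Overview's advice to sanitize learning logs and define retention controls, come down to two concrete pieces of code: a sanitizer that runs before json.dumps(context) ever reaches a persistent file, and a purge that enforces a maximum age on stored entries. The block below is an added example, not the skill's own code: the sensitive key names, the value patterns (the "sk-" key shape is an assumed format), the size limits and the "## <timestamp> <error>" entry layout are all assumptions chosen for illustration.

```python
"""Added example, not the skill's own code: a LearningLog writer that redacts
secrets and personal data before persisting error context, plus a retention
purge. Key names, patterns, limits and the log layout are assumptions."""
import json
import re
from datetime import datetime, timedelta, timezone

# Keys whose values are never written (case-insensitive substring match).
SENSITIVE_KEYS = ("token", "secret", "password", "api_key", "apikey",
                  "authorization", "cookie", "ssn", "credit_card")

# Value patterns redacted wherever they appear, even under harmless-looking keys.
SENSITIVE_PATTERNS = [
    (re.compile(r"\bsk-[A-Za-z0-9_-]{8,}"), "[REDACTED_API_KEY]"),        # assumed key shape
    (re.compile(r"\bBearer\s+[A-Za-z0-9._-]+", re.I), "Bearer [REDACTED]"),
    (re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), "[REDACTED_EMAIL]"),
]
MAX_STR = 200   # long strings (prompts, transcripts) are cut rather than stored whole
MAX_DEPTH = 8   # stop recursing into deeply nested context


def _redact_str(s: str) -> str:
    for pattern, replacement in SENSITIVE_PATTERNS:
        s = pattern.sub(replacement, s)
    if len(s) > MAX_STR:
        s = s[:MAX_STR] + "...[truncated]"
    return s


def sanitize(value, depth: int = 0):
    """Return a copy of `value` that is safe to json.dumps into a persistent log."""
    if depth > MAX_DEPTH:
        return "[REDACTED_DEPTH]"
    if isinstance(value, dict):
        out = {}
        for key, item in value.items():
            if any(marker in str(key).lower() for marker in SENSITIVE_KEYS):
                out[key] = "[REDACTED]"
            else:
                out[key] = sanitize(item, depth + 1)
        return out
    if isinstance(value, (list, tuple, set)):
        return [sanitize(item, depth + 1) for item in value]
    if isinstance(value, str):
        return _redact_str(value)
    if value is None or isinstance(value, (bool, int, float)):
        return value
    # Exceptions and arbitrary objects: stringify, then redact like any other string.
    return _redact_str(str(value))


def _as_datetime(value):
    """Accept None (now), an ISO-8601 string, or a datetime; always return an aware datetime."""
    if value is None:
        return datetime.now(timezone.utc)
    if isinstance(value, str):
        value = datetime.fromisoformat(value)
    if value.tzinfo is None:
        value = value.replace(tzinfo=timezone.utc)
    return value


def format_entry(error, context, when=None) -> str:
    """One log entry: a '## <ISO timestamp> <error>' header, then the sanitized context."""
    stamp = _as_datetime(when)
    title = " ".join(str(error).split())           # keep the header on a single line
    body = json.dumps(sanitize(context), indent=2, sort_keys=True)
    return f"## {stamp.isoformat()} {title}\n\n{body}\n\n"


def append_entry(path: str, error, context) -> None:
    """Append a sanitized entry to the markdown log instead of raw json.dumps(context)."""
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(format_entry(error, context))


_HEADER = re.compile(r"^## (\S+) ")


def purge_old_entries(log_text: str, max_age_days: int, now=None) -> str:
    """Retention control: drop entries whose header timestamp is older than max_age_days."""
    cutoff = _as_datetime(now) - timedelta(days=max_age_days)
    kept = []
    for chunk in re.split(r"(?m)^(?=## )", log_text):   # each chunk starts at one header
        if not chunk.strip():
            continue
        match = _HEADER.match(chunk)
        try:
            stamp = _as_datetime(match.group(1)) if match else None
        except ValueError:
            stamp = None
        if stamp is None or stamp >= cutoff:   # unparseable chunks are kept, not silently lost
            kept.append(chunk)
    return "".join(kept)


if __name__ == "__main__":
    # Constructed sample context containing the kinds of data the finding warns about.
    ctx = {"user": "alice", "api_key": "sk-abcdefgh12345678",
           "note": "contact bob@example.com, auth Bearer abc.def", "err": ValueError("boom")}
    print(format_entry("KeyError", ctx))
```

The key-based and pattern-based passes are both needed: a key list alone misses a token pasted into a free-text "note", and a pattern list alone misses a password that does not look like anything in particular. The purge is deliberately conservative and keeps chunks it cannot date, so a corrupted header never causes silent data loss; run it on a schedule and expose the same max-age value to users as the documented retention period.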

Unpinned Dependencies

Low
Category: Supply Chain
Content
"metacognition"
  ],
  "dependencies": {
    "lancedb": "^0.4.0",
    "uuid": "^9.0.0"
  },
  "devDependencies": {
Confidence: 83%
Finding
"lancedb": "^0.4.0"

Unpinned Dependencies

Low
Category: Supply Chain
Content
],
  "dependencies": {
    "lancedb": "^0.4.0",
    "uuid": "^9.0.0"
  },
  "devDependencies": {
    "jest": "^29.0.0"
Confidence: 90%
Finding
"uuid": "^9.0.0"

Unpinned Dependencies

Low
Category: Supply Chain
Content
"uuid": "^9.0.0"
  },
  "devDependencies": {
    "jest": "^29.0.0"
  },
  "scripts": {
    "test": "jest",
Confidence: 79%
Finding
"jest": "^29.0.0"

Known Vulnerable Dependency: uuid==9.0.0, 1 advisory: CVE-2026-41907 (uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided)

Low
Category: Supply Chain
Confidence: 86%
Finding
uuid==9.0.0
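The three unpinned-dependency findings and the advisory finding above are two sides of the same check. A caret range such as "^9.0.0" resolves to the newest matching 9.x at install time, so the "uuid==9.0.0" the scanner reports is the range's floor, not necessarily what npm will install; only a committed lockfile consumed with `npm ci` fixes the version, and the advisory has to be checked against that resolved version. The block below is an added example, not the project's own code: it audits a package.json for any spec that is not an exact version and rewrites caret/tilde ranges to their floor. The sample manifest is constructed from the fragment shown in the findings; its "name" and "keywords" values are assumptions.

```python
"""Added example, not the project's own code: audit a package.json for
dependency specs that are not exact versions, and rewrite caret/tilde ranges
to their floor version. SAMPLE_PACKAGE_JSON is constructed from the fragment
in the findings; "name" and "keywords" are assumed."""
import json
import re

SECTIONS = ("dependencies", "devDependencies", "optionalDependencies", "peerDependencies")
EXACT = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")          # 9.0.0, 1.2.3-beta.1
FLOOR = re.compile(r"^[\^~]\s*(\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?)$")   # ^9.0.0 -> 9.0.0
EXTERNAL = re.compile(
    r"^(git\+|git:|github:|https?:|file:|npm:|workspace:)|\.(tgz|tar\.gz)$|^[\w.-]+/[\w.-]+$")

SAMPLE_PACKAGE_JSON = """{
  "name": "cognitive-agent",
  "keywords": ["memory", "metacognition"],
  "dependencies": {
    "lancedb": "^0.4.0",
    "uuid": "^9.0.0"
  },
  "devDependencies": {
    "jest": "^29.0.0"
  },
  "scripts": {
    "test": "jest"
  }
}
"""


def classify(spec: str) -> str:
    """Return one of: exact, wildcard, external, range, tag."""
    s = spec.strip()
    if s in ("", "*", "latest", "x") or s.endswith((".x", ".*")):
        return "wildcard"
    if EXACT.match(s):
        return "exact"
    if EXTERNAL.search(s):
        return "external"      # git/URL/tarball/alias: content is not fixed by a version at all
    if any(ch in s for ch in "^~<>|") or " - " in s:
        return "range"
    return "tag"               # dist-tag such as "next": resolves to whatever is tagged today


def audit_package_json(text: str) -> list:
    """One finding per dependency whose spec does not fix an exact version."""
    pkg = json.loads(text)
    findings = []
    for section in SECTIONS:
        for name, spec in (pkg.get(section) or {}).items():
            kind = classify(str(spec))
            if kind != "exact":
                findings.append({"section": section, "name": name, "spec": spec, "kind": kind})
    return findings


def pin_ranges(text: str) -> str:
    """Rewrite ^x.y.z and ~x.y.z specs to x.y.z.
    Assumption: the floor is the version that was actually reviewed; in practice take
    the version from the committed lockfile and from the advisory's fixed release."""
    pkg = json.loads(text)
    for section in SECTIONS:
        deps = pkg.get(section) or {}
        for name, spec in list(deps.items()):
            m = FLOOR.match(str(spec).strip())
            if m:
                deps[name] = m.group(1)
    return json.dumps(pkg, indent=2) + "\n"


if __name__ == "__main__":
    for f in audit_package_json(SAMPLE_PACKAGE_JSON):
        print(f"{f['section']}: {f['name']} {f['spec']!r} is a {f['kind']}, not an exact version")
    print(pin_ranges(SAMPLE_PACKAGE_JSON))
```

Pinning in package.json stops silent minor and patch drift between installs, but it does not by itself give integrity: the lockfile's `integrity` hashes and `npm ci` (which refuses to run if package.json and the lockfile disagree) are what guarantee the reviewed bytes are the installed bytes. The "external" class is the one to treat as a supply-chain finding in its own right, since a git or URL spec can change content without any version changing.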

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal