Agent Memory Architecture

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for local agent memory files; its persistence and privacy risks are real but disclosed and aligned with the skill’s purpose.

Install only if you want your agent to keep durable local memory. Treat MEMORY.md and the memory/ directory as private records, avoid storing secrets or regulated personal data, review retained notes regularly, and be aware that the documented memory_search/memory_get steps may use platform tools rather than a purely manual file-only search.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 91%
Finding:
The skill markets itself as a zero-dependency, file-only memory system, but later instructs the agent to use external memory_search and memory_get tools. This inconsistency can mislead operators about the trust boundary and runtime capabilities, causing deployment in environments where those tools are unavailable or where externalized memory access violates policy.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding:
The documented search workflow depends on tool-based semantic search and retrieval despite the skill's repeated claim of no external tools. That mismatch creates a security and reliability issue because agents may invoke capabilities users did not consent to, potentially broadening data access beyond the local file architecture promised by the skill.

Vague Triggers

Medium
Confidence: 78%
Finding:
The skill description is broad and generic enough to activate for many ordinary memory, context, persistence, or productivity requests. Over-broad activation can cause the agent to start persistent logging or memory management in situations where the user did not intend durable storage, increasing the chance of unnecessary data retention and privacy exposure.

Missing User Warnings

Medium
Confidence: 90%
Finding:
The skill encourages storing information about humans, preferences, relationships, goals, and communication styles in persistent files, but it does not require an upfront user-facing notice or consent flow for privacy and retention. Even though it warns against storing secrets, it still promotes accumulation of sensitive personal and business context that could be exposed, overshared, or retained longer than users expect.

VirusTotal

64/64 vendors flagged this skill as clean.