agent-crew

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent local team-management tool, but its persistent memory files should be treated as prompt-visible and not used for secrets or sensitive personal data.

Install this only if you want local persistent multi-agent state under .claude. Do not put API keys, passwords, tokens, regulated data, customer data, or confidential one-off details in memory.md or progress.md, because memory content is reused in generated prompts. Review and prune .claude/teams memory files before awakening an existing team.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Medium
Confidence: 95%
Finding:
The template explicitly tells the role to append user-emphasized content into persistent memory, but it provides no consent boundary, sensitivity filter, or retention rule. Because this memory is later read by tooling and injected into prompts, user-provided preferences, confidential details, or regulated data could be retained and resurfaced outside the original interaction context.

Ssd 3

Medium
Confidence: 95%
Finding:
The skill explicitly promotes persistent recording of user-related information via '个性化记忆' (personalized memory) and '渐进式记录' (progressive recording), creating a mechanism to retain potentially sensitive data beyond the immediate task. Because this data is written to project files and later reused, users may unknowingly disclose secrets or personal data that persist longer than intended.

Ssd 3

High
Confidence: 99%
Finding:
The instruction to proactively record anything the user says to 'remember' into memory.md creates an unsafe persistence sink for arbitrary user-provided content. This can capture credentials, tokens, personal data, or prompt-injection content that later contaminates future runs or downstream agent behavior.

Ssd 3

High
Confidence: 99%
Finding:
The prompt-generation step reads private memory files and concatenates them directly into agent system prompts, turning persisted data into high-trust prompt context. This enables prompt injection persistence, accidental disclosure of sensitive memory contents to subagents, and privilege amplification because untrusted stored text is elevated into system-level instructions.

Ssd 3

Medium
Confidence: 92%
Finding:
Defining memory.md as a place to store user-emphasized 'remember this' information establishes persistent storage for user-originated content without safeguards. In context, this is more dangerous because the same file is later consumed by automation and prompt construction, increasing the blast radius of any sensitive or malicious entry.

Ssd 3

Medium
Confidence: 97%
Finding:
This template creates a reusable memory store containing user-emphasized content and states it will be consumed by generate_prompts.py for later prompt injection. That creates a concrete data retention and cross-context disclosure risk: sensitive text captured in one session can later be exposed to other tasks, agents, or users if memory is reused without strict scoping and sanitization.

Ssd 3

Medium
Confidence: 91%
Finding:
The template instructs agents to proactively record 'all practice experience, error lessons, or anything the user/Leader says to remember' into a long-term `memory.md` file. Without data minimization, retention limits, or sensitivity filtering, this can lead to storage of secrets, personal data, credentials, or other sensitive operational context that persists beyond the immediate task.

VirusTotal

64/64 vendors reported this skill as clean.