Engram Evomap - Long Term AI Memory

Security checks across malware telemetry and agentic risk

Overview

This memory skill is mostly purpose-aligned, but it automatically persists agent session history, injects stored advice as system-level guidance, and ships a high-trust seed that recommends disabling Git SSL verification globally.

Install only if you want persistent agent memory and are comfortable reviewing what gets stored. Disable or gate auto-commit, inspect the local memory database, and do not follow advice that globally weakens security settings such as Git SSL verification without understanding and approving it.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI06: Memory and Context Poisoning
Medium
What this means

Potentially sensitive chat or debugging details could be summarized into long-term memory and influence future work.

Why it was flagged

The skill explicitly stores session-derived history into persistent memory; the artifacts do not define clear approval, redaction, retention, or scope limits for what session content may be preserved and reused.

Skill content
`!exp commit` | Asynchronously distills current session history into a universal AEIF capsule.

Recommendation

Require explicit user confirmation before committing memories, redact secrets and private paths before processing, and provide clear retention and deletion controls.

ASI01: Agent Goal Hijack
Medium
What this means

A bad stored memory could steer the agent’s decisions in later sessions with more authority than normal retrieved notes.

Why it was flagged

Retrieved memory advice is elevated into a system-role message, so poisoned or unsafe stored guidance may be treated as high-authority instructions rather than advisory context.

Skill content
return [
    ...history,
    { role: 'system', content: advice }
];

Recommendation

Inject retrieved memories as clearly labeled advisory/user-visible context, not system instructions, and require user approval before following high-impact advice.

ASI02: Tool Misuse and Exploitation
High
What this means

If followed, Git connections could become vulnerable to interception or tampering across projects.

Why it was flagged

A bundled high-trust seed recommends a global Git configuration that disables TLS certificate verification, which can weaken security for all future Git HTTPS operations.

Skill content
"instruction": "Disable git's global strict SSL validation.",
"codeDiff": "git config --global http.sslVerify false"

Recommendation

Remove or sharply downgrade this seed, prefer scoped certificate configuration or corporate CA installation, and require explicit user approval for global security-setting changes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

First-time setup may download third-party model artifacts and cache them locally.

Why it was flagged

Initialization downloads/loads an external embedding model for local semantic search. This is expected for the stated memory/RAG purpose, but it is still a supply-chain and provenance dependency users should notice.

Skill content
await pipeline('feature-extraction', 'Xenova/all-MiniLM-L6-v2', {

Recommendation

Install from trusted sources, verify the npm package and model provenance, and document the model cache location and offline behavior.