上下文记忆球 (Context Memory Ball)

Security checks across malware telemetry and agentic risk

Overview

This instruction-only memory helper is not malware, but it should be reviewed because it asks agents to save, restore, merge, and delete conversation context without clear safeguards.

Install only if you want an agent to persist and later reuse conversation summaries. Use explicit save/load commands, avoid storing secrets or personal data, require preview and confirmation before restore or merge, keep memory scoped to one user and project, and do not run the example `mempalace` commands unless you separately trust that local tool.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The activation phrases include very general expressions such as '记住当前进度' ("remember current progress"), '保存上下文' ("save context"), and '加载上下文' ("load context"), which can easily appear in normal conversation. That creates a risk of accidental invocation, causing unintended capture, save, or restore of contextual data without the user clearly intending to activate the skill.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill describes saving to file, exporting JSON, and loading stored memory objects, but does not clearly warn users that conversation-derived data may persist outside the current session. Without explicit disclosure and consent, users may unknowingly store sensitive information or export it into less protected locations.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The automatic deletion policy states that archived memory balls are permanently deleted after 90 days, but there is no warning that this loss is irreversible. Users could reasonably assume archival is safe long-term storage and unexpectedly lose important data.

Cross-Session Data Leakage

Severity: Medium
Confidence: 96%
Finding
The skill explicitly supports preserving and restoring conversation context across sessions and even shows a scenario switching between users, which creates a clear risk of cross-session and cross-user data leakage. Reusing stored context without strict isolation, scoping, and consent can expose sensitive prompts, preferences, project details, or other user-provided information to the wrong conversation.

VirusTotal

63/63 vendors flagged this skill as clean.