Memory Curator

Security checks across malware telemetry and agentic risk

Overview

This skill locally summarizes Clawdbot memory logs into digest files, and its file access matches its stated purpose.

Install this only if you are comfortable with a local tool reading your Clawdbot memory logs and writing summarized digest files that may preserve names and activity details. Use normal date arguments, review generated digests before committing or sharing them, and enable the suggested cron job only deliberately.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: This shell script reads a daily log and generates a new markdown digest that includes people/usernames, timestamps, sections, and karma-related data. While file generation is the script's purpose, the code does not provide any prior disclosure that potentially sensitive personal/activity data will be copied into a new file, and the here-doc overwrite via redirection occurs without confirmation.

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal