Memory Management

Security checks across malware telemetry and agentic risk

Overview

This is a coherent project-memory skill that intentionally stores, edits, archives, and purges local SEO project memory files, with the main risks disclosed and mostly user-directed.

Install only if you want durable local project memory under memory/. Avoid storing secrets or unnecessary personal data, review automatic hook behavior before enabling it, confirm archive/restore/purge operations carefully, and inspect any external recovery script or hook files before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The runbook authorizes the skill to run a shell recovery script and perform restore operations that move and delete files based on archive metadata. Even though the text mentions some validation in the external script, granting a memory-oriented skill direct authority to execute recovery tooling materially expands its capability into filesystem mutation and command execution, increasing the blast radius if the skill is prompted incorrectly or if archive metadata is maliciously crafted elsewhere.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger list includes very generic phrases such as 'what did we decide last time', 'what do we know so far', and 'project status', which can match ordinary conversation and cause this memory-writing skill to activate unexpectedly. Because the skill can read and persist cross-session context, accidental invocation increases the chance of unnecessary data access, retention, or modification beyond user intent.

Vague Triggers

Medium
Confidence: 80%
Finding
The when_to_use guidance is broad enough to cover vague maintenance requests like reviewing, archiving, or cleaning up campaign memory without clearly constraining what data may be accessed or changed. In a skill that manages persistent memory and archives, ambiguous activation boundaries create a real risk of over-collection, unintended writes, and privacy-impacting operations.

Missing User Warnings

Medium
Confidence: 88%
Finding
The file instructs the agent to update, save, move, archive, and compress memory files across multiple directories without any requirement for explicit user confirmation, preview, or rollback. In a memory-management skill, these are real state-changing operations that can silently alter or delete active context, create unintended retention, or archive information the user still needs.

Ssd 3

Medium
Confidence: 90%
Finding
The skill is explicitly designed to retain HOT/WARM/COLD project context across sessions and auto-load part of it on session start. Persistent cross-session memory is inherently privacy-sensitive because it expands retention, increases exposure surface, and can cause stale or sensitive context to be reused in later sessions without fresh user consent.

Ssd 3

Medium
Confidence: 92%
Finding
The skill instructs the agent to ask for and store business-sensitive details including keywords, competitors, metrics, campaigns, and terminology. Even if not personal data, this is sensitive operational information; centralizing and persisting it increases the blast radius of misrouting, unauthorized access, or accidental reuse in unrelated sessions.

Ssd 3

Medium
Confidence: 88%
Finding
The save workflow operationalizes persistent storage of current results for future sessions, turning transient outputs into durable memory. That creates a concrete retention pathway for sensitive analysis results and can normalize storage even when the user may not understand the long-term privacy and security consequences.

VirusTotal

64/64 vendors flagged this skill as clean.
