Mem0

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Mem0 memory skill, but it can persist conversation-derived personal context and process it through OpenAI using the user's API key.

Install only if you want persistent assistant memory. Configure the user ID before use, do not store secrets or sensitive personal data, understand that memory text may be processed through OpenAI using your API key, and periodically review or delete stored memories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill invokes scripts that rely on environment-provided secrets, specifically noting use of OPENAI_API_KEY, yet no permissions or trust boundary are declared. This creates hidden capability to access external services and process user data with credentials the operator may not realize the skill can use.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented purpose emphasizes conversational memory, but the skill also exposes destructive deletion operations, full memory enumeration, and third-party OpenAI processing that are not fully reflected in the description. That mismatch undermines informed consent and safe invocation because users or orchestrators may authorize a retrieval tool while unintentionally granting broader data-management and external-sharing behavior.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The document tells operators not to store secrets in Mem0, yet describes the companion MEMORY.md as containing credentials. That contradiction can normalize insecure handling of sensitive data and cause developers or agents to persist secrets in plaintext documentation or memory stores, increasing risk of disclosure and misuse.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill encourages broad automatic invocation for 'learning user preferences or patterns during conversation,' which can capture more user content than necessary without a narrow trigger. Over-broad activation increases the chance of persistent storage of personal data from ordinary chats, even when the user did not clearly consent to memory formation.

Missing User Warnings

High
Confidence
97% confidence
Finding
The guidance explicitly supports automatic storage of conversation messages and learned preferences, but it does not pair that with a clear privacy warning, retention policy, or consent mechanism. Because the content may be sent to external OpenAI services for extraction and embedding, this can lead to undisclosed collection and third-party processing of personal conversation data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The pattern recommends automatically storing user and assistant messages as conversation context without requiring clear notice, consent, or minimization. Because this skill is specifically designed for persistent cross-conversation memory, automatic capture can retain personal or sensitive information users did not intend to persist.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The configuration notes say OpenAI models are used for embeddings and extraction, but the documentation does not clearly warn that conversation content may be sent to an external provider. In a memory system that processes personal preferences and historical context, this omission can lead to unintentional third-party disclosure and privacy noncompliance.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This script sends arbitrary text or conversation messages to the external Mem0 service via `memory.add(...)` without any user-facing consent check, warning, or filtering. Because the skill is explicitly designed to store conversational preferences and context, it may capture sensitive personal or confidential information and disclose it to a third-party service unexpectedly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This script prints stored memory contents, IDs, and timestamps directly to stdout, which can expose sensitive user preferences, conversation-derived context, or other personal data to terminal logs, shell history workflows, CI logs, or other observers. In a memory-layer skill, this is more dangerous than usual because the data is specifically designed to persist user context across conversations and may contain sensitive behavioral or personal information.

VirusTotal

63/63 vendors flagged this skill as clean.
