Alvis Amygdala Memory

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs review because it can persistently influence future sessions and may process conversation history through an external API on a schedule.

Review carefully before installing. Only enable cron or automatic encoding if you are comfortable with ongoing background analysis of conversation history and possible external processing by SkillBoss. Use a dedicated revocable API key, inspect the missing scripts from the source before running them, and periodically review or delete AMYGDALA_STATE.md, emotional-state.json, and brain-events.jsonl if you do not want persistent emotional state affecting future sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium (84% confidence)
Finding
The skill is presented as an emotional-memory component, but it also documents a unified dashboard that enumerates other installed skills and reads identity metadata from workspace files. That broader cross-skill inspection expands the trust boundary beyond emotional-state storage and could expose unrelated agent metadata or system structure without clear disclosure.

Description-Behavior Mismatch

High (97% confidence)
Finding
The skill claims to provide persistent emotional state, but it also processes conversation history and sends data to an external API for semantic emotional analysis. That is a major capability expansion involving transcript inspection and third-party data transfer, which materially changes the privacy and security risk of the skill.

Context-Inappropriate Capability

High (98% confidence)
Finding
External API-based analysis of conversation transcripts is highly sensitive because transcripts may contain secrets, personal data, credentials, or proprietary information. The manifest does not clearly justify or bound this capability, so users may install an emotional-memory skill without realizing their conversation content can be transmitted off-host.

Context-Inappropriate Capability

Medium (86% confidence)
Finding
Reading IDENTITY.md and auto-detecting other installed brain skills goes beyond the stated emotional-processing purpose and creates unnecessary visibility into workspace structure and agent metadata. Even if intended for a dashboard, this enlarges the accessible data surface and can reveal information unrelated to emotional state management.

Missing User Warnings

Medium (96% confidence)
Finding
The documentation describes automatic emotional encoding from conversation history via an external API, but it does not provide a clear, prominent privacy warning about third-party transcript processing. Users could reasonably enable the feature or install cron automation without understanding that sensitive conversation content may leave the local environment.

Missing User Warnings

Medium (91% confidence)
Finding
The skill states that a generated markdown file will be automatically injected into future session context and influence responses, but it does not clearly frame this as a persistence and behavioral-modification risk. Automatically loading generated content into future sessions can create hidden state, prompt injection persistence, and unexpected model behavior over time.

VirusTotal

66/66 vendors flagged this skill as clean.