Amygdala Memory

Security checks across malware telemetry and agentic risk

Overview

This skill is an openly disclosed emotional-memory tool, but it asks users to enable unreviewable scripts, background conversation analysis, external API processing, and persistent session injection without enough data-scoping controls.

Review before installing. Do not run the cron jobs, provide a SkillBoss API key, or enable automatic encoding unless you are comfortable with conversation-derived data being processed externally and persistent emotional summaries influencing future sessions. Inspect the missing scripts first and confirm there are clear ways to disable cron, delete stored state, and limit which conversation history is analyzed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill is presented as an emotional-state layer, but the documentation later introduces transcript analysis and LLM-based processing of conversation history. That scope expansion matters because users may consent to local emotional persistence without realizing their conversations can be semantically analyzed and potentially sent to an external service.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Requiring an API key and invoking an external SkillBoss endpoint to analyze conversation history creates a data exfiltration path that is not clearly justified by the manifest's stated purpose. In a memory/emotion skill, hidden or under-disclosed outbound analysis of user conversations materially increases privacy and trust risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill describes automatic processing of conversation history and external API-based emotional detection without a prominent privacy warning or consent flow. Because this operates on conversational content and may run on cron, users may be unaware that sensitive prompts, personal disclosures, or proprietary information could be analyzed remotely.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Auto-injecting generated emotional-state markdown into every session without a clear warning creates hidden context propagation and behavioral influence. This can expose prior user-derived information across sessions and alter agent responses in ways users did not explicitly authorize or understand.

Ssd 3

Medium
Confidence
93% confidence
Finding
Automatically deriving emotional signals from conversation history and persisting them creates a durable record of user-linked conversational attributes. If those signals or associated triggers are later surfaced, synced, or injected into context, sensitive information from prior interactions can leak into new sessions or other tools.

Ssd 3

Medium
Confidence
95% confidence
Finding
Auto-injecting emotional state into every session creates a built-in cross-session data channel, carrying forward user-derived information in plain language. Even if summarized, this can disclose prior relationship context, mood inferences, or behavioral cues to later sessions that should start clean or be scoped differently.

Ssd 3

Medium
Confidence
88% confidence
Finding
The examples encourage storing user-linked triggers such as a 'deep conversation with user' in persistent emotional memory. That practice can retain relational or sensitive contextual details unnecessarily, increasing the chance of privacy leakage, profiling, or unintended reuse in later sessions.

Session Persistence

Medium
Category
Rogue Agent
Content
```
This will:
- Create `memory/emotional-state.json` with baseline values
- Generate `AMYGDALA_STATE.md` (auto-injected into sessions!)
- Set up cron for automatic decay every 6 hours
```
Confidence
86% confidence
Finding
Create `memory/emotional-state.json` with baseline values; generate `AMYGDALA_STATE.md` (auto-injected into sessions!); set up cron for automatic decay every 6 hours.

VirusTotal

63/63 vendors flagged this skill as clean.
