Ai Compound 1.0.1

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned but needs Review because it encourages unattended memory extraction, agent-instruction edits, scheduled background jobs, and git commits or pushes without enough scoping or approval controls.

Install only if you deliberately want an agent to build persistent memory from your sessions. Start with manual review, inspect diffs before writing MEMORY.md or AGENTS.md, avoid committing or pushing generated memory until you verify the remote and contents, exclude secrets and sensitive sessions, and do not enable cron or launchd until you have a clear disable path and review process.
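The review steps above (verify the remote, inspect the diff, exclude secrets) can be turned into a gate that the agent or the operator runs before any `git commit` or `git push` of generated memory. The script below is an added example and is not code from the Ai Compound skill or its author; the allowlisted remote URLs, the file names `MEMORY.md` and `AGENTS.md` as the only gated paths, and the secret patterns are assumptions for illustration.

```shell
#!/usr/bin/env sh
# Added example, not code from the Ai Compound skill: a review gate to run before
# committing or pushing agent-generated MEMORY.md / AGENTS.md. It refuses when the
# remote is not allowlisted or when the staged diff adds secret-like strings.
# The remote URLs, gated file names and patterns below are assumptions for illustration.

# Remotes that may receive generated memory (constructed allowlist; edit to taste).
ALLOWED_REMOTES='git@github.com:example-org/agent-memory.git
https://github.com/example-org/agent-memory.git'

# remote_allowed URL: return 0 if URL exactly matches an allowlisted remote, else 1.
remote_allowed() {
  printf '%s\n' "$ALLOWED_REMOTES" | grep -Fxq -- "$1"
}

# scan_diff_for_secrets: read a unified diff on stdin, look only at added lines,
# print secret-like hits to stderr. Returns 0 when clean, 1 when anything matched.
scan_diff_for_secrets() {
  hits=$(grep '^[+]' | grep -v '^[+][+][+]' | grep -E -i \
    -e 'AKIA[0-9A-Z]{16}' \
    -e '-----BEGIN( [A-Z]+)? PRIVATE KEY-----' \
    -e 'gh[pousr]_[A-Za-z0-9]{36}' \
    -e 'xox[baprs]-[A-Za-z0-9-]{10,}' \
    -e 'eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}' \
    -e '(api[_-]?key|secret|token|password)[[:space:]]*[:=][[:space:]]*[^[:space:]]{8,}' \
    || true)
  if [ -z "$hits" ]; then
    return 0
  fi
  printf 'refusing: secret-like content in staged memory diff:\n%s\n' "$hits" >&2
  return 1
}

# review_memory_commit [REMOTE]: full gate for the current repository (default: origin).
review_memory_commit() {
  remote=${1:-origin}
  url=$(git remote get-url "$remote" 2>/dev/null) || { echo "no remote '$remote'" >&2; return 1; }
  remote_allowed "$url" || { echo "refusing: remote $url is not allowlisted" >&2; return 1; }
  git diff --cached -- MEMORY.md AGENTS.md | scan_diff_for_secrets || return 1
  # Show exactly what would be published so a human reads it before any commit or push.
  git diff --cached -- MEMORY.md AGENTS.md
  echo "if the diff above is acceptable: git commit && git push $remote"
}

# Usage: sh memory_gate.sh check [REMOTE]   (run from inside the repository)
if [ "${1:-}" = "check" ]; then review_memory_commit "${2:-origin}"; fi
```

The gate is deliberately two-stage: the remote check fails closed before any content is inspected, because a correct diff pushed to the wrong remote is still exfiltration, and the pattern scan only narrows the obvious cases (cloud keys, PEM blocks, bearer-style tokens); it does not replace reading the diff.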

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill advertises automatic review, memory updates, and knowledge compounding but does not clearly warn that it will modify local files and repository state. In an agent setting, silent state changes are dangerous because users may trigger file edits and downstream automation without informed consent.

Missing User Warnings

High
Confidence
98% confidence
Finding
The nightly review flow explicitly says it will update files and 'commit and push changes' without a clear warning that this may publish data to a remote repository. Automatic push materially increases risk because session-derived content, mistakes, preferences, or sensitive project details could be exfiltrated outside the local machine.

Missing User Warnings

High
Confidence
98% confidence
Finding
The cron job text directs unattended updates to memory files and commits based on all sessions from the last 24 hours, including user preferences and unfinished work, with no disclosure about persistent storage. Because this runs on a schedule, it can repeatedly capture and retain sensitive information without contemporaneous user review.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The manual review instructions tell the agent to update multiple files and create a git commit, but they do not present these as potentially sensitive modifications requiring user awareness. Even when manually invoked, the skill encourages broad state changes that may alter agent behavior and preserve private context over time.

Ssd 3

Medium
Confidence
97% confidence
Finding
Persisting user preferences and session-derived details into memory files and version control creates a durable record that can expose sensitive personal or operational information over time. Version control worsens the issue because accidental retention becomes harder to delete completely once committed and pushed.

Ssd 3

Medium
Confidence
96% confidence
Finding
The review job instructs summarizing all sessions from the last 24 hours into persistent files, including user preferences and unfinished items. Broad collection from all sessions increases the chance of sweeping in confidential prompts, internal decisions, or sensitive business context that was never intended for long-term retention.

Ssd 3

Medium
Confidence
95% confidence
Finding
The manual review workflow explicitly asks the agent to record likes/dislikes, decisions, and session details into long-term and daily memory. This normalizes retaining behavioral and contextual data that can later influence agent actions or leak through repository sharing and logs.

Ssd 3

Low
Confidence
89% confidence
Finding
The memory template encourages storing items like timezone and repository paths, which may seem innocuous but still reveal personal and infrastructure metadata. In aggregate, such context can aid profiling, targeted attacks, or unintended disclosure when memory files are shared or committed.

Session Persistence

Medium
Category
Rogue Agent
Content
### Hourly Memory (crontab)

```bash
# Add with: crontab -e
0 * * * * /opt/homebrew/bin/clawdbot cron run compound-hourly 2>&1 >> ~/clawd/logs/compound.log
```
Confidence
92% confidence
Finding
crontab -e

Session Persistence

Medium
Category
Rogue Agent
Content
### Nightly Review (launchd - macOS)

```xml
<!-- ~/Library/LaunchAgents/com.clawdbot.compound-review.plist -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "...">
<plist version="1.0">
```
Confidence
90% confidence
Finding
plist
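The two Session Persistence findings quote the crontab entry and the LaunchAgent the skill asks the user to install. The overview says not to enable either without a clear disable path; the script below is an added example of that path and is not code from the scanned skill. The search string `clawdbot` and the `~/Library/LaunchAgents` directory come from the quoted skill text; the function names and everything else are assumptions for illustration.

```shell
#!/usr/bin/env sh
# Added example, not code from the scanned skill: find and remove the scheduled
# jobs the two Session Persistence findings quote. The search string 'clawdbot'
# and the ~/Library/LaunchAgents directory are taken from the quoted skill text;
# the function names and the rest are assumptions for illustration.

PATTERN=${PATTERN:-clawdbot}

# matching_cron_lines: read a crontab on stdin, print non-comment jobs that run the pattern.
matching_cron_lines() {
  awk -v pat="$PATTERN" '!/^[ \t]*#/ && index($0, pat) > 0'
}

# strip_cron_lines: read a crontab on stdin, print it without those jobs (comments kept).
strip_cron_lines() {
  awk -v pat="$PATTERN" '/^[ \t]*#/ || index($0, pat) == 0'
}

# matching_launch_agents DIR: print plist files under DIR whose contents mention the pattern.
matching_launch_agents() {
  [ -d "$1" ] || return 0
  grep -l -F -- "$PATTERN" "$1"/*.plist 2>/dev/null || true
}

# audit_persistence: read-only report of what is installed for the current user.
audit_persistence() {
  echo "== crontab jobs matching $PATTERN =="
  crontab -l 2>/dev/null | matching_cron_lines
  echo "== LaunchAgents matching $PATTERN =="
  matching_launch_agents "$HOME/Library/LaunchAgents"
}

# disable_persistence: the disable path. Reinstalls the crontab without the matching
# jobs, then unloads and deletes matching LaunchAgents.
disable_persistence() {
  current=$(crontab -l 2>/dev/null || true)
  if [ -n "$current" ]; then
    printf '%s\n' "$current" | strip_cron_lines | crontab -
  fi
  matching_launch_agents "$HOME/Library/LaunchAgents" | while IFS= read -r plist; do
    # bootout is the current launchctl verb; unload is the legacy fallback.
    launchctl bootout "gui/$(id -u)" "$plist" 2>/dev/null || launchctl unload "$plist" 2>/dev/null || true
    rm -f -- "$plist"
    echo "removed $plist"
  done
}

# Usage: sh persistence.sh audit    (report only)
#        sh persistence.sh disable  (remove the jobs)
case ${1:-} in
  audit)   audit_persistence ;;
  disable) disable_persistence ;;
esac
```

Run `audit` first and keep its output with the review record, because once the jobs are removed the crontab no longer shows what had been running unattended. One detail of the quoted crontab line also matters for review: `2>&1 >> ~/clawd/logs/compound.log` redirects stderr to the original stdout before stdout is sent to the file, so the job's errors never reach compound.log and instead go wherever cron delivers output (usually local mail); the log alone is therefore an incomplete record of what the nightly and hourly jobs did.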

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal