Security audit

Memos Memory Guide Andy27725

Security checks across malware telemetry and agentic risk

Overview

This is a coherent memory helper, but it gives the agent broad access to past conversation history and allows persistent skill installation without a clear user-approval boundary.

Install only if you want the agent to use long-term conversation memory for prior chats, preferences, and task history. Before using it, set a clear expectation that memory searches should be limited to the current task, sensitive or ambiguous recall should require confirmation, and any skill_install action should require explicit user approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill is designed to activate whenever the user refers to past chats, preferences, or history, which is broad enough to cause frequent memory access without an explicit per-use consent step. In a memory-retrieval skill, overbroad invocation increases the chance of unnecessary retrieval of sensitive prior conversation data and can expose unrelated private context to the model.

Missing User Warnings

Medium
Confidence: 84%
Finding
The guidance instructs the agent to search past conversations and even derive its own queries, but it does not require any user-facing notice that memory search may access historical personal data. That omission can lead to silent retrieval of sensitive information, especially when the agent reformulates broad or vague prompts into memory searches the user did not explicitly request.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.