Awublack Personal Memory System

Security checks across malware telemetry and agentic risk

Overview

This personal memory skill includes simple local database scripts, but its documentation asks users to run an unreviewed background Git sync that may push private notes to GitHub while also claiming the data stays local.

Review before installing. Do not start the Git sync daemon unless you have inspected git_sync_on_save.sh, confirmed the exact repository and files it will push, and are comfortable storing your personal memory content remotely. Avoid putting secrets or highly sensitive notes in MEMORY.md, and prefer manual Git review unless the sync behavior is made explicit and controllable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill makes strong security and reliability claims such as 'local only', 'never lost', remote recovery, automatic sync, daemon monitoring, and Git-backed redundancy, while the analyzed behavior reportedly does not implement most of these controls. This mismatch is dangerous because users may store sensitive personal knowledge under false assumptions about backup, auditability, and transmission, leading to privacy exposure or irreversible data loss.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The script unconditionally deletes all rows from the memories table before repopulating it from MEMORY.md. In a personal memory system marketed as high-reliability and recoverable, this creates a data integrity risk: if parsing is incomplete, the source file is partially written, or the import fails mid-run, previously stored data is lost and the database can be left empty or truncated.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly promotes automatic syncing and states that the system includes a remote Git repository, but it does not clearly warn that highly sensitive personal memory content may be committed and transmitted off-machine. In the context of a personal memory system, this omission is especially risky because users may assume 'local-only' handling while their notes are actually replicated to a remote service, increasing confidentiality and privacy exposure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The instructions tell users to launch a background daemon with nohup that continuously monitors and syncs content, but they do not warn that it will keep running and automatically process potentially sensitive memory data. For a tool handling personal knowledge and recollections, silent continuous syncing materially increases the chance of unintended disclosure and loss of user control.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill advertises automatic Git sync and names a remote GitHub repository for an Obsidian vault, yet also frames the system as local and safe without a clear, prominent warning that personal notes may be transmitted off-host. This is dangerous because users may unknowingly replicate sensitive memory data to a remote service, expanding exposure, retention, and account-compromise risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The function opens and queries a personal memory database containing potentially sensitive user notes without any consent check, access control, or even a user-facing disclosure at query time. In the context of a personal-memory skill, this is more dangerous because the entire dataset is explicitly described as long-term private knowledge synchronized across local and remote storage, so silent retrieval increases privacy and data-exposure risk.

Ssd 3

Medium
Confidence
90% confidence
Finding
The skill is designed to persist and retrieve personal thoughts, decisions, and notes across multiple stores, including a remote repository, while presenting the system as safe/local memory. In this context, broad aggregation of sensitive personal data increases privacy risk because compromise or misconfiguration of any store can expose a much richer behavioral history than a single local note file.

Ssd 3

Medium
Confidence
82% confidence
Finding
Automatically recording important user decisions and converting free-form notes into a searchable database creates a durable, queryable profile of sensitive personal information. Even if intended as a productivity feature, this increases the blast radius of disclosure because private content becomes easier to aggregate, search, summarize, and potentially exfiltrate if other components are compromised.

Session Persistence

Medium
Category
Rogue Agent
Content
3. **Start the Git sync daemon** (if not already running):
   ```bash
   cd /home/awu/.openclaw/workspace-work/
   nohup ./git_sync_on_save.sh > git_sync.log 2>&1 &
   ```
4. **Verify the daemon is running**:
   ```bash
Confidence
93% confidence
Finding
nohup

Session Persistence

Medium
Category
Rogue Agent
Content
- `git_sync.log`
   - `auto_sync_memory.py`
   - `query_memory.py`
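3. **Run**: Make sure `git_sync_on_save.sh` has been started with `nohup ./git_sync_on_save.sh > git_sync.log 2>&1 &` and stays resident in the background.
   - Check: `ps aux | grep git_sync_on_save.sh`
   - Restart: `pkill -f git_sync_on_save.sh && nohup ./git_sync_on_save.sh > git_sync.log 2>&1 &`
4. **Query**: Ask the AI assistant directly, for example: "What was my past opinion of Obsidian?" The system automatically calls the `query_memory.py` script to retrieve the answer and respond.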
Confidence
91% confidence
Finding
nohup

Session Persistence

Medium
Category
Rogue Agent
Content
- `query_memory.py`
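3. **Run**: Make sure `git_sync_on_save.sh` has been started with `nohup ./git_sync_on_save.sh > git_sync.log 2>&1 &` and stays resident in the background.
   - Check: `ps aux | grep git_sync_on_save.sh`
   - Restart: `pkill -f git_sync_on_save.sh && nohup ./git_sync_on_save.sh > git_sync.log 2>&1 &`
4. **Query**: Ask the AI assistant directly, for example: "What was my past opinion of Obsidian?" The system automatically calls the `query_memory.py` script to retrieve the answer and respond.
## Security and Privacy
- **Fully local**: All data (`MEMORY.md`, `memory.db`, `query_memory.py`, `obsidian-vault/`, `git_sync_on_save.sh`, `git_sync.log`) is stored in your local workspace; it is not uploaded or shared.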
Confidence
88% confidence
Finding
nohup

VirusTotal

67/67 vendors flagged this skill as clean.
