Personal Memory System Published

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it locally syncs a personal MEMORY.md file into a SQLite database, but users should review the hard-coded paths and automatic rebuild behavior before enabling it.

Before installing, change the hard-coded /home/awu paths to your own workspace, back up any existing memory.db, and only enable heartbeat syncing if you are comfortable with the script automatically rebuilding the memories table from MEMORY.md. There is no evidence of network exfiltration or hidden external service use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill clearly describes reading local files such as MEMORY.md and interacting with memory.db, yet no explicit permissions are declared. This creates a transparency and consent problem: a user or platform may not realize the skill needs filesystem access, and permission enforcement cannot be meaningfully applied. In a memory-management skill that handles potentially sensitive personal notes, undeclared file access is more concerning than in a trivial read-only utility.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The skill states that syncing happens automatically on each heartbeat and writes user content into a local SQLite database, but it does not present this as a clear warning or require explicit user acknowledgement. Automatic background modification of files/databases can surprise users, overwrite expected state, and persist sensitive content without informed consent. Because this skill operates on personal memory data, the privacy and integrity implications are elevated.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script unconditionally deletes all rows from the memories table whenever MEMORY.md is newer than the database, with no backup, transaction-safe migration strategy, or validation that parsing succeeded. In a personal memory system, this can cause irreversible data loss or database corruption of the user's knowledge base if the markdown file is malformed, truncated, or modified unexpectedly before sync runs.

VirusTotal

66/66 vendors flagged this skill as clean.
