Memory Review

Security checks across malware telemetry and agentic risk

Overview

This skill is not visibly malicious, but it needs review because it can automatically read diary and configuration files, persist derived knowledge, edit agent-related files, and send reports externally without clear approval gates.

Install only if you want automated diary review and persistent memory updates. Before enabling cron or session-end runs, use a dry-run or manual confirmation flow, restrict writes to dedicated memory output paths, avoid automatic TOOLS.md or AGENTS.md edits, and verify any Feishu destination and report contents before sending.

SkillSpector (by NVIDIA)
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill explicitly states it will automatically write to the knowledge base, reports, logs, and possibly configuration-related files, but it does not present any consent, preview, or safety boundary before modifying user data. In an agent setting, automatic persistent writes can cause unintended data corruption, privacy issues, or propagation of incorrect inferences from diary content into long-lived memory files.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill reads sensitive delivery configuration from AGENTS.md or MEMORY.md and mentions report delivery, yet it provides no warning about handling identifiers or possible outbound transmission. That combination creates a realistic risk of exposing internal IDs, routing information, or derived sensitive content from diaries through automated delivery workflows without informed user approval.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The spec explicitly says the skill will automatically write extracted content into the knowledge base and execution logs, but it does not require user notice, consent, preview, or approval before persisting potentially sensitive diary-derived information. Because the source material is recent personal/project journals, this can cause unintended retention of private, internal, or incorrect information and make it harder to remove once written to multiple files.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The spec allows report delivery based on AGENTS.md or MEMORY.md configuration to an external Feishu target, but it does not define any privacy gating, content minimization, redaction, or user approval before sending. Since the skill scans diaries and synthesizes knowledge, reports may contain sensitive personal, organizational, or project details that could be exfiltrated to third-party channels or misrouted recipients.

Ssd 3

Severity: Medium
Confidence: 91%
Finding:
The instructions direct the skill to read configuration files that may contain sensitive identifiers and feed them into an automated processing and delivery pipeline. In this skill’s context, that is more dangerous because the same workflow also scans personal diaries and produces reports, increasing the chance that secrets, identifiers, or sensitive context are unnecessarily accessed, retained, or transmitted.

VirusTotal

VirusTotal findings are pending for this skill version.