AgentMemory

Security checks across malware telemetry and agentic risk

Overview

AgentMemory is a coherent cloud memory skill, but it asks agents to sync memories, files, and secret metadata to a third-party service with broad persistence and unclear control boundaries.

Install only if you intentionally want a third-party cloud memory service for your agent. Use least-privileged API keys, do not store production credentials or regulated personal data, pin and verify the npm CLI before installing it globally, and require explicit confirmation before uploading files, storing sensitive memories, deleting memories, or revealing secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding:
The skill gives contradictory guidance: it offers a secrets vault for storing API keys and credentials while later telling users not to store passwords or API keys. This inconsistency can cause agents or users to mishandle secrets, especially because the broader document promotes automatic syncing and cloud persistence for sensitive material.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The natural-language command mapping is overly broad and lacks confirmation, authorization, or scope boundaries. An agent could interpret ordinary conversational phrases as instructions to store, update, search, or delete remote memories, causing unintended data exfiltration or destructive actions.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill repeatedly advertises that commands 'auto-sync' and encourages broad use, but it does not consistently warn that local content, files, and remembered information will be transmitted to a third-party cloud service. This can mislead users and agents into sending sensitive or regulated data off-device without informed consent.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The heartbeat section states that responses include all memories and secret names, yet it frames this as routine connectivity behavior and says the CLI handles it automatically. That combination can cause sensitive metadata and memory contents to be transmitted frequently without operators understanding the privacy implications.

VirusTotal

43/43 vendors flagged this skill as clean.