ClawHub

Vestige

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate local memory skill, but it may save and reuse personal or project details too automatically for users to notice.

Install only if you want a persistent local memory layer and are comfortable with it storing user preferences, reminders, and project context across sessions. Before using it, verify the local vestige binaries, learn how to review and delete memories, and avoid letting it store secrets, credentials, health, financial, legal, or other sensitive information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are broad, common conversational patterns such as 'I prefer...' and 'Don't forget', and the skill directs automatic persistence when they appear. In a memory skill, this creates a real risk of unintentionally storing sensitive personal, project, or instruction data without an explicit confirmation boundary, especially because persistence spans sessions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The description advertises persistent recall across sessions but does not clearly warn that personal and project information may be stored long-term and resurfaced later. For a tool explicitly designed to collect memory, omission of a privacy warning increases the likelihood that users disclose sensitive data under the assumption of ephemeral chat behavior.

Ssd 3

Medium
Confidence
92% confidence
Finding
The skill explicitly encourages storing user preferences, bug fixes, project patterns, and reminders across sessions without defining sensitivity boundaries or exclusions. This creates a privacy and data-governance vulnerability because the system can accumulate sensitive operational and personal context over time and reuse it in later conversations.

Ssd 3

Medium
Confidence
95% confidence
Finding
The trigger-word table instructs automatic saving of broad classes of natural-language statements into persistent memory, including preferences, reminders, and statements marked important. Because these cues are common in normal dialogue, the skill can capture sensitive user data incidentally and preserve it beyond the original context, making accidental overcollection likely.

Ssd 3

Medium
Confidence
91% confidence
Finding
The session-start routine directs the agent to automatically retrieve prior user preferences, instructions, and project context at the beginning of conversations. This increases the chance that previously stored private or stale information is resurfaced without need-to-know justification, potentially exposing sensitive context or influencing responses inappropriately.

VirusTotal

52/52 vendors flagged this skill as clean.

View on VirusTotal