Session Recovery

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local session-recovery system, but users should treat its saved notes as potentially sensitive project memory.

Install this only if you want local project memory files. Do not store secrets, tokens, customer data, or confidential prompts in STATUS.md or memory/. Review generated summaries before using them as authoritative context, and avoid enabling the Git hook or Cron examples unless you are comfortable with automatic file updates, archiving, and possible staging of memory notes for commit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Medium (87% confidence)
Finding
The README states that complete conversation history is not preserved, yet the documented Git hook stages `memory/` for commit. If that directory contains detailed session logs, users may unintentionally retain and distribute sensitive records through version control, contradicting the privacy claim and increasing data exposure risk. In this skill context, that is more dangerous because the whole system is designed to capture and recover prior AI session context, which is likely to include prompts, decisions, file paths, and potentially secrets.

Missing User Warnings

Medium (92% confidence)
Finding
The README repeatedly instructs users to run automation scripts and wire them into Git hooks and Cron, but does not warn that these scripts will modify repository files automatically. This can cause silent state changes, accidental commits of generated summaries/logs, and persistence of sensitive information without clear user awareness. The risk is elevated here because the skill's purpose is ongoing session capture and recovery, so automated file mutation is central and likely to touch project documentation and memory artifacts frequently.

Missing User Warnings

Medium (95% confidence)
Finding
The document recommends automatic full-conversation logging and even provides example code that writes user messages, AI responses, and tool activity to local files, but it does not include safeguards for sensitive-data handling, retention limits, access controls, consent, or redaction. In a session-recovery skill, conversations are likely to contain credentials, private project data, internal paths, and tool outputs, so enabling broad automatic logging can create a durable local cache of sensitive information that would otherwise disappear with the session.

Missing User Warnings

Medium (92% confidence)
Finding
The document explicitly recommends replacing or deleting full conversation history with an AI-generated summary, but it does not warn users that summaries are lossy and may omit critical requirements, safety constraints, approvals, or audit-relevant details. In a session-recovery skill, this is more dangerous because users are likely to rely on the compressed record as authoritative state, increasing the chance of silent context corruption or irreversible loss of important information.

Missing User Warnings

Medium (90% confidence)
Finding
The semi-automatic and automatic workflows describe scripts that summarize sessions, update STATUS.md, and archive records, but they omit explicit warnings that these actions modify project state and conversation records. In this skill context, automation around session recovery and memory management makes unintended overwrites, misleading summaries, or archival mistakes more likely to propagate across future sessions, causing operational and integrity issues.

Ssd 3

Medium (94% confidence)
Finding
The skill instructs the AI and user workflow to persistently record session content, decisions, constraints, and status into files like STATUS.md and memory logs. That creates a real data-leakage risk because sensitive prompts, secrets, internal paths, or personal data can be retained in plaintext and later exposed through shared files, backups, repository commits, or subsequent responses.

Ssd 3

Medium (97% confidence)
Finding
The skill explicitly recommends exporting or automatically recording full conversation logs, which broadens collection from key summaries to complete transcripts. Full transcripts are significantly more dangerous because they can capture everything the user entered, including secrets, proprietary material, system prompts, and tool outputs, all in plain language and potentially without adequate access controls.

VirusTotal

65/65 vendors flagged this skill as clean.
