ClawHub
Back to skill

Security audit

BlueColumn Memory

Security checks across malware telemetry and agentic risk

Overview

This is a coherent BlueColumn memory skill, but it should be reviewed because it can automatically persist conversation summaries to an external memory service without a clear per-session approval step.

Install only if you intentionally want BlueColumn to store and retrieve agent memory. Keep the API key in a secret store, verify the provider endpoint and retention/deletion terms, and require the agent to ask before saving session summaries, documents, audio, personal data, credentials, confidential business details, or regulated information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs agents to proactively upload end-of-session summaries, which can cause conversation content to be transmitted to an external service without a fresh, specific user request for that storage action. In a memory skill handling notes, conversations, documents, and audio, this creates a real privacy and consent risk because sensitive session content may be summarized and persisted beyond what the user intended.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The file contains conflicting guidance: it says only content the user explicitly wants stored should be sent, but later instructs proactive session-summary uploads. This inconsistency is dangerous because an agent following the whole document may override the safer consent rule and exfiltrate conversation-derived content to the external memory backend.

Vague Triggers

Medium
Confidence
85% confidence
Finding
Triggering the skill whenever a user mentions a BlueColumn API key is overly broad and may invoke memory operations even if the key mention is incidental, diagnostic, or unrelated to a storage/retrieval request. In this context, unnecessary invocation is risky because it can lead to unauthorized use of credentials and unintended transmission of user data to the BlueColumn service.

Vague Triggers

Medium
Confidence
85% confidence
Finding
Triggering the skill whenever a user mentions a BlueColumn API key is overly broad and may invoke memory operations even if the key mention is incidental, diagnostic, or unrelated to a storage/retrieval request. In this context, unnecessary invocation is risky because it can lead to unauthorized use of credentials and unintended transmission of user data to the BlueColumn service.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill directs proactive end-of-session transmission of conversation summaries without a clear user-facing warning in the behavior description. That omission is dangerous because users may not understand that ordinary conversation content could be summarized and sent to an external memory provider automatically.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The API reference explicitly instructs agents to send user-provided text, audio URLs, and file URLs to a remote backend, but it does not include any user-facing disclosure, consent guidance, or privacy warning about transmitting potentially sensitive content off-platform. In a memory skill, this is especially risky because users may provide conversations, notes, documents, or other sensitive data under the assumption it is being handled locally or with clearer privacy boundaries.

Ssd 3

Medium
Confidence
96% confidence
Finding
These instructions tell the agent to summarize and transmit session content to BlueColumn without requiring explicit consent for that specific action. Because the skill is designed to ingest conversations and other potentially sensitive material, automatic summarization and upload can leak confidential or personal information into persistent third-party storage.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal