Security audit

ByteRover

Security checks across malware telemetry and agentic risk

Overview

ByteRover is a coherent project-memory skill, but its instructions are broad enough to cause unnecessary external-memory queries and persistent storage of user interaction details.

Review this skill before installing. Use it only for intentional project-memory workflows, avoid storing secrets or personal data, prefer local search when synthesis is not needed, and only enable remote sync or additional memory providers when you understand what content they can read or write.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (96% confidence)
Finding
The manifest says the skill 'MUST' be used for gathering context before any work, which creates an overly broad mandatory invocation rule. That can force the agent to consult an external memory/LLM-backed tool even when unnecessary, increasing the chance of unnecessary disclosure of user prompts, project context, or sensitive data to the tool and its configured provider.

Vague Triggers

Medium (93% confidence)
Finding
The trigger 'The user wants you to recall something' is vague and expansive, so an agent could invoke the tool for many normal conversations without clear necessity. Because `brv query` may send the query and relevant context to a configured LLM provider, this broad trigger materially raises the risk of unnecessary data exposure.

Vague Triggers

Medium (95% confidence)
Finding
The curate guidance permits storing 'meaningful memories from user interactions' and facts about what the agent knows or has done, without tight boundaries on sensitivity, consent, or data minimization. This can lead to persistent storage of sensitive user information, secrets, internal decisions, or behavioral logs in the project knowledge base and potentially onward to an external LLM during curation.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.