nix-memory

Security checks across malware telemetry and agentic risk

Overview

This local memory-integrity skill stores workspace baselines and helper files, but its behavior is disclosed, purpose-aligned, and shows no evidence of exfiltration or hidden privileged actions.

Install only if you want local identity and memory tracking. Before running setup or quickstart, remove secrets from SOUL.md, IDENTITY.md, USER.md, AGENTS.md, MEMORY.md, HEARTBEAT.md, and workspace Markdown files, because copies, hashes, diffs, and reports may persist under .nix-memory. Review quickstart first if you do not want it to add agent.json, memory helper scripts, or HEARTBEAT.md checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 91%
Finding
The installer writes multiple files into the user's workspace and changes operational behavior by creating agent metadata, scripts, templates, and HEARTBEAT instructions without any interactive confirmation, dry-run mode, or clear opt-in for each change. In an agent-skill context, silent workspace modification increases the risk of unexpected persistence, trust confusion, and accidental overwrite of local state, even if the script appears intended as a convenience installer.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script creates full baseline copies of identity-related markdown files, which may contain sensitive personal, behavioral, or operational information, and does so automatically without explicit consent, minimization, or access controls. This increases exposure if the baseline directory is later read by other tools, synced, backed up, or accessed by another local user/process.

VirusTotal

55/55 vendors flagged this skill as clean.
