Security audit

Nova Memory

Security checks across malware telemetry and agentic risk

Overview

Nova Memory is a local workspace memory tool; it persists user-selected memories on disk, but I found no hidden network access, credential use, automatic background execution, or destructive behavior.

Install only if you want selected workspace information, tags, entities, and analytics data persisted locally. Avoid storing secrets or regulated personal data, review the memory directory periodically, and be cautious with broad trigger words or optional exports into shared files like MEMORY.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The skill claims all storage remains under /workspace, but the integration guidance suggests writing auto_reflect() output into MEMORY.md or memory/lessons.md, which may fall outside the declared storage boundary and outside the skill-owned directory. This mismatch weakens containment guarantees, can cause the skill to overwrite shared workspace memory files, and may let persisted model-generated content influence other components that trust those files.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger words include very broad everyday terms such as remember, recall, search, tag, and graph, which can cause accidental activation in unrelated conversations. In an agent environment, unintended invocation of a memory-writing or memory-querying skill can leak prior context, persist sensitive user content without intent, or let routine dialogue alter long-term memory state.

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.