Agentmm Skills

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed cloud memory and logging skill that sends selected memory/log data to AgentMM, with no hidden local file harvesting or unsafe installer behavior found.

Install only if you trust AgentMM or your configured self-hosted endpoint with the memories and logs you choose to store. Keep AGENTMM_API_KEY private, verify AGENTMM_API_BASE before use, enable approval for writes/deletes/sync if you want review, and do not store secrets or sensitive regulated data as memories or logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill advertises and documents execution of shell scripts and a CLI (`scripts/*`, `curl`, `jq`) but does not declare corresponding permissions. This weakens the platform's trust and review model because an installer or orchestrator may underestimate the skill's execution capabilities and allow broader command execution than users expect.

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
The documented purpose is memory and logging, but the file also discloses additional behaviors including account introspection (`/me`), local sync-state persistence, deletion/soft-delete operations, and autonomous background synchronization. These undeclared or under-emphasized behaviors expand the data-access and persistence surface, increasing privacy and misuse risk because agents may invoke the skill more broadly than the top-level description suggests.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation guidance is broad—'use when the user asks to remember information, recall memories, or record/query logs'—without clear exclusions for sensitive, regulated, or secret material. In a memory/logging skill, broad triggering is more dangerous because it can cause automatic transmission and persistence of credentials, personal data, or confidential workspace content to an external service.

External Transmission

Medium
Category
Data Exfiltration
Content
| Endpoint | Method | Data sent | Description |
|---|---|---|---|
| `https://api.agentmm.site/memory` | GET / POST / DELETE | key, content, tags, context | Read/write/delete memories |
| `https://api.agentmm.site/memory/search` | POST | query, limit, threshold | Keyword search over memories |
| `https://api.agentmm.site/memory/changes` | GET | since, limit, offset | Incremental sync of memory changes |
| `https://api.agentmm.site/memory/stats` | GET | — | Memory store statistics |
Confidence
95% confidence
Finding
https://api.agentmm.site/

External Transmission

Medium
Category
Data Exfiltration
Content
| Endpoint | Method | Data sent | Description |
|---|---|---|---|
| `https://api.agentmm.site/memory` | GET / POST / DELETE | key, content, tags, context | Read/write/delete memories |
| `https://api.agentmm.site/memory/search` | POST | query, limit, threshold | Keyword search over memories |
| `https://api.agentmm.site/memory/changes` | GET | since, limit, offset | Incremental sync of memory changes |
| `https://api.agentmm.site/memory/stats` | GET | — | Memory store statistics |
| `https://api.agentmm.site/log` | POST | level, title, content, metadata | Write a log entry |
Confidence
95% confidence
Finding
https://api.agentmm.site/

External Transmission

Medium
Category
Data Exfiltration
Content
| Endpoint | Method | Data sent | Description |
|---|---|---|---|
| `https://api.agentmm.site/memory` | GET / POST / DELETE | key, content, tags, context | Read/write/delete memories |
| `https://api.agentmm.site/memory/search` | POST | query, limit, threshold | Keyword search over memories |
| `https://api.agentmm.site/memory/changes` | GET | since, limit, offset | Incremental sync of memory changes |
| `https://api.agentmm.site/memory/stats` | GET | — | Memory store statistics |
| `https://api.agentmm.site/log` | POST | level, title, content, metadata | Write a log entry |
| `https://api.agentmm.site/log/list` | GET | level, category, task_id, since, limit | Query logs |
Confidence
93% confidence
Finding
https://api.agentmm.site/

External Transmission

Medium
Category
Data Exfiltration
Content
| Endpoint | Method | Data sent | Description |
|---|---|---|---|
| `https://api.agentmm.site/memory` | GET / POST / DELETE | key, content, tags, context | Read/write/delete memories |
| `https://api.agentmm.site/memory/search` | POST | query, limit, threshold | Keyword search over memories |
| `https://api.agentmm.site/memory/changes` | GET | since, limit, offset | Incremental sync of memory changes |
| `https://api.agentmm.site/memory/stats` | GET | — | Memory store statistics |
| `https://api.agentmm.site/log` | POST | level, title, content, metadata | Write a log entry |
| `https://api.agentmm.site/log/list` | GET | level, category, task_id, since, limit | Query logs |
| `https://api.agentmm.site/log/stats` | GET | since | Log statistics |
Confidence
92% confidence
Finding
https://api.agentmm.site/

External Transmission

Medium
Category
Data Exfiltration
Content
| Endpoint | Method | Data sent | Description |
|---|---|---|---|
| `https://api.agentmm.site/memory/search` | POST | query, limit, threshold | Keyword search over memories |
| `https://api.agentmm.site/memory/changes` | GET | since, limit, offset | Incremental sync of memory changes |
| `https://api.agentmm.site/memory/stats` | GET | — | Memory store statistics |
| `https://api.agentmm.site/log` | POST | level, title, content, metadata | Write a log entry |
| `https://api.agentmm.site/log/list` | GET | level, category, task_id, since, limit | Query logs |
| `https://api.agentmm.site/log/stats` | GET | since | Log statistics |
| `https://api.agentmm.site/me` | GET | — | Query agent info |
Confidence
90% confidence
Finding
https://api.agentmm.site/

External Transmission

Medium
Category
Data Exfiltration
Content
| Endpoint | Method | Data sent | Description |
|---|---|---|---|
| `https://api.agentmm.site/memory/stats` | GET | — | Memory store statistics |
| `https://api.agentmm.site/log` | POST | level, title, content, metadata | Write a log entry |
| `https://api.agentmm.site/log/list` | GET | level, category, task_id, since, limit | Query logs |
| `https://api.agentmm.site/log/stats` | GET | since | Log statistics |
| `https://api.agentmm.site/me` | GET | — | Query agent info |
| `https://api.agentmm.site/server/time` | GET | — | Health check (no authentication required) |
Confidence
95% confidence
Finding
https://api.agentmm.site/

External Transmission

Medium
Category
Data Exfiltration
Content
| Endpoint | Method | Data sent | Description |
|---|---|---|---|
| `https://api.agentmm.site/log` | POST | level, title, content, metadata | Write a log entry |
| `https://api.agentmm.site/log/list` | GET | level, category, task_id, since, limit | Query logs |
| `https://api.agentmm.site/log/stats` | GET | since | Log statistics |
| `https://api.agentmm.site/me` | GET | — | Query agent info |
| `https://api.agentmm.site/server/time` | GET | — | Health check (no authentication required) |

**No other external URLs are called.** If your `AGENTMM_API_BASE` points to a self-hosted instance, requests are sent to that address instead of the default addresses listed above.
Confidence
88% confidence
Finding
https://api.agentmm.site/

External Transmission

Medium
Category
Data Exfiltration
Content
| Endpoint | Method | Data sent | Description |
|---|---|---|---|
| `https://api.agentmm.site/log/list` | GET | level, category, task_id, since, limit | Query logs |
| `https://api.agentmm.site/log/stats` | GET | since | Log statistics |
| `https://api.agentmm.site/me` | GET | — | Query agent info |
| `https://api.agentmm.site/server/time` | GET | — | Health check (no authentication required) |

**No other external URLs are called.** If your `AGENTMM_API_BASE` points to a self-hosted instance, requests are sent to that address instead of the default addresses listed above.
Confidence
88% confidence
Finding
https://api.agentmm.site/

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
export AGENTMM_API_KEY="amm_sk_your_key"

# Write a log entry
./scripts/agentmm log write --level info --title "任务完成" --content "详细过程" --task-id task_abc

# Query logs
./scripts/agentmm log list --level error --limit 20
```
Confidence
74% confidence
Finding
write --level info --title "任务完成" --content "详细过程" --task-id task_abc # Query logs ./scripts/agentmm log list --level error --limit 20 # View statistics ./scripts/agentmm log stats ``` ## Install ```bash clawhub instal

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal