memories.sh CLI

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent CLI reference, but it normalizes cloud upload and force-restore of broad AI configuration files without enough safety controls or warning.

Install only if you trust the memories.sh CLI package and want a cloud-backed memory/config layer. Before running sync or files ingest/apply, review exactly which files will be uploaded or overwritten, avoid syncing secrets, use dry-run/list/show/diff where available, back up existing AI tool configs, and avoid --force unless replacement is intentional.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill documents cloud sync, file upload, and `files apply --global --force` restore operations without warning that these actions may upload local project data to a remote service or overwrite local AI config files. In an agent setting, omission of these side effects can cause unintended data exfiltration or destructive config replacement, especially if a user or agent follows the workflow verbatim.

Missing User Warnings

Medium
Confidence: 89%
Finding
The documentation states that `memories init` auto-detects AI tools and configures MCP while generating instruction files, but does not warn that it will modify the current project and write tool-specific config/instruction files. For an autonomous or semi-autonomous agent, this can lead to unanticipated filesystem changes, altered tool behavior, or persistence of instructions without clear user consent.

Missing User Warnings

Medium
Confidence: 93%
Finding
The workflow instructs users to run `memories files apply --global -f` and `--project -f`, where the force flag implies overwriting existing configuration without an explicit warning, backup step, or preview. In a skill specifically focused on managing AI tool config files across machines, this increases the chance of destructive misuse: local configs, custom rules, or environment-specific settings could be silently replaced by synced versions.

VirusTotal

65/65 vendors flagged this skill as clean.
