dual-brain-memory-guardian

Security checks across malware telemetry and agentic risk

Overview

This is a persistent memory skill that openly uses local Markdown files and Pinecone, with no artifact-backed evidence of hidden or malicious behavior.

Install this only if you want persistent cross-session memory. Use a limited-scope Pinecone key and a non-production tenant first, avoid storing secrets or sensitive personal data, and review/clear ~/dual-brain-memory-guardian and the Pinecone namespace when you no longer want the memory retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Memory Poisoning: Persistent Context Injection, Context Window Stuffing, Memory Manipulation
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Intent-Code Divergence

Medium
Confidence
80% confidence
Finding
The file claims to be the canonical runtime spec while also directing stateful actions such as modifying local Markdown memory files and clearing tenant-scoped vector memory. That expands the skill from passive documentation into operational authority over persistent data, increasing the chance an agent will perform destructive or privacy-impacting actions solely because the document says so.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The usage section is very broad and encourages invocation on common events like corrections, reflection, errors, and non-trivial work. In practice, this can cause the skill to activate far more often than a user would reasonably expect, increasing the chance that conversation content is persisted or sent to external memory systems without clear, contextual consent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly advertises Pinecone-backed memory and requires a PINECONE_API_KEY, but it does not present a prominent user-facing warning that task content, corrections, and reflections may be transmitted to or stored in an external vector database. Because the skill is designed to trigger proactively and capture historical pitfalls, the missing disclosure materially raises privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs automatic loading of files from the user's home directory and project/domain memory paths at session start without a user-facing notice or consent flow. This can cause unintended access to local data and silent inclusion of potentially sensitive information in the agent's context.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document mandates saving corrections, reflections, errors, and task summaries to Pinecone DEEP memory without an explicit privacy warning or consent requirement. That creates a real risk of transmitting sensitive user content, internal reasoning artifacts, traces, or project data to an external persistent store.

Persistent Context Injection

Medium
Category
Memory Poisoning
Content
After repeated similar corrections:

1. Ask whether this should become a permanent rule.
2. If yes, write concise rule to Markdown.
3. Keep the detailed episodes in Pinecone for traceability.
4. Cite rule source in future actions.
Confidence
93% confidence
Finding
a permanent rule

VirusTotal

65/65 vendors flagged this skill as clean.