Context Continuity

Security checks across malware telemetry and agentic risk

Overview

This memory-continuity skill is transparent about what it does, but it automatically stores and reuses conversation history with too little user control.

Install only if you are comfortable with local conversation memory being written automatically. Review the memory files regularly, avoid using it around secrets or private data, and consider changing it to ask before saving or loading memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (8)

Vague Triggers

Medium, 94% confidence
The trigger phrases are overly broad and include common conversational terms like “继续”, which can cause the skill to activate unintentionally during normal dialogue. In this skill’s context, unintended activation is more dangerous because it can lead to automatic retrieval and exposure of prior conversation memory without clear user intent.

Missing User Warnings

High, 99% confidence
The skill explicitly states that all conversation content will be recorded automatically without user confirmation, which creates a privacy and data-handling vulnerability. This is especially dangerous here because the skill is designed to persist user conversations, including potentially sensitive information, by default and without informed consent.

Missing User Warnings

Medium, 98% confidence
The documented automatic file-write behavior persists conversation summaries to disk without warning users or defining any safety boundaries around what may be stored. In practice, this can silently create sensitive local artifacts containing user data, project details, or secrets that may later be read back or exposed.

Ssd 3

High, 100% confidence
Automatically logging all conversation content without confirmation, combined with an instruction not to filter private content, creates a direct sensitive-data exposure risk. The skill context makes this more dangerous because its primary function is memory persistence, so the unsafe behavior is not incidental but central to operation.

Ssd 3

High, 99% confidence
The skill instructs automatic recording of all dialogue content to memory files without asking the user, which can persist secrets, personal information, and confidential work context to disk. Because the write happens routinely at session end, users may not realize a durable copy is being created.

Ssd 3

Medium, 93% confidence
The example format stores verbatim user statements and derived context in daily logs, increasing the chance that sensitive or identifying data will be retained and later disclosed. While the example is illustrative, it normalizes storing more detail than necessary for continuity.

Ssd 3

Medium, 92% confidence
Reading recent memory files and surfacing prior preferences or settings back into conversation can re-expose sensitive data from previous sessions, including information the user did not intend to revive in the current context. This risk is amplified because the upstream collection process is already overbroad and non-consensual.

Ssd 3

High, 100% confidence
The instruction to ‘respect privacy’ by not filtering content and placing deletion responsibility on the user reverses basic privacy and security expectations. It promotes unrestricted retention of sensitive material and makes harm more likely because users must discover and manually clean up data that should never have been stored.

VirusTotal

63/63 vendors flagged this skill as clean.
