elite-human-memory

Security checks across malware telemetry and agentic risk

Overview

This memory skill fits its stated purpose, but it may automatically store and retrieve conversation history without clear privacy, consent, retention, or deletion controls.

Install only if you intentionally want an agent to keep searchable cross-session memory. Configure it to require explicit user approval before writing memories, avoid storing secrets or regulated personal data, keep vector storage local unless deliberately enabled, and provide a clear way to inspect and delete stored memories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 92%
Finding
The README explicitly instructs integrators to hook automatic read/write triggers into the agent context loop and recommends persistent local filesystem storage, but it does not warn that user prompts, inferred memories, or other potentially sensitive data may be written automatically. In a memory skill, this omission is security-relevant because deployers may enable persistence by default without informed consent, retention limits, or privacy safeguards, increasing the risk of unintentional collection and exposure of sensitive user data.

Vague Triggers

Medium
Confidence: 90%
Finding
The auto-read trigger uses subjective language such as when the context 'feels incomplete or contradictory,' which gives the agent broad discretion to inspect persisted memory without a clear user request. In a memory skill handling cross-session personal data, this can cause unnecessary retrieval of sensitive historical context and violate user expectations around when stored data is accessed.

Vague Triggers

Medium
Confidence: 94%
Finding
The auto-write rules allow persistence when 'clear decisions,' 'repeated preferences,' or 'new long-running context' appear, but these terms are undefined and not bounded by consent or sensitivity checks. This creates a real risk that conversation-derived personal, confidential, or regulated information will be stored permanently even when the user did not clearly intend that outcome.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill describes persistent episodic and semantic storage in detail, but it does not present a prominent warning that ordinary conversation content may be retained across sessions. In a portable, multi-agent context, this omission is more dangerous because deployers may enable the skill broadly and users may not realize their inputs are being written to durable files or vector indexes.

VirusTotal

66/66 vendors flagged this skill as clean.
