Recall

Security checks across malware telemetry and agentic risk

Overview

Recall is an instruction-only skill that teaches agents to check local context and keep notes, with broad but disclosed memory/context behavior that users should manage carefully.

Install this if you want an agent to proactively read agent-facing workspace context and maintain local memory across sessions. Review memory, TOOLS.md, and task files periodically, avoid storing secrets or sensitive personal details, and require explicit confirmation before the agent uses tools that send messages, post publicly, spend money, or modify important data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding:
The skill expands from 'knowledge checking' into instructing the agent to write persistent session data, update tool configuration documentation, and modify task files. That creates an unnecessary persistence channel that can store sensitive user/context data or alter future agent behavior, which is riskier than the skill's stated purpose requires.

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding:
The checklist directs the agent to persist information across sessions without clearly tying that behavior to hallucination resistance. Persistent writes can capture sensitive preferences, decisions, or mistakes and can poison future sessions if inaccurate or manipulated data is recorded as trusted context.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill instructs the agent to read identity, memory, task, and tool configuration files immediately and even before the user finishes their first message, without notice or consent. This encourages preemptive access to potentially sensitive local context unrelated to the request, increasing the chance of privacy violations, overscoped data access, and accidental disclosure in later responses.

VirusTotal

65/65 vendors flagged this skill as clean.