Agent Os

Security checks across malware telemetry and agentic risk

Overview

This is a plausible local agent-memory tool, but it needs review because saved-state file paths are not safely contained and project history is retained without clear controls.

Review before installing. Use only simple trusted agent and project IDs, avoid secrets or regulated data in goals, outputs, lessons, and errors, and exclude or delete the data directory before sharing or publishing the package. Prefer a fixed storage directory with ID validation and a clear cleanup workflow before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The architecture explicitly prioritizes persistence and documents that agent/project state is written to disk, but it provides no warning, consent model, retention policy, or guidance on handling sensitive content that may end up in those files. In an agent system, task goals, outputs, lessons learned, and activity metadata can easily contain proprietary or personal data, so silent persistence materially increases privacy and data exposure risk.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The documented memory structure and execution flow show that lessons, task outputs, completion history, token usage, timestamps, and other behavioral metadata are persisted to JSON files, yet the design omits any privacy or security notice about that storage. This is dangerous because operators may assume ephemeral processing while the system actually accumulates a searchable local history that could expose secrets, internal project details, or user-derived data.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The document explicitly advertises persistent memory and state written to disk but provides no warning about local retention, possible sensitive content in agent memory, or file access expectations. In an agent framework, persisted memory can easily capture prompts, project details, credentials, business data, or user-generated content, creating privacy and confidentiality risk if users assume execution is ephemeral.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The example output names concrete persisted files and encourages use without explaining that these files may accumulate sensitive project and agent memory across sessions. Because this skill is specifically designed for persistent agent operation, the lack of warnings is more dangerous than in a stateless tool: users may unintentionally retain confidential material on disk, commit it to source control, or expose it through backups and shared systems.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The README explicitly promotes persistent storage of agent memory, state, and project data to disk but provides no guidance on handling sensitive content, retention limits, access controls, or redaction. In an agent framework, these files can easily accumulate prompts, business data, credentials, or operational context, creating a real confidentiality and privacy risk if the local filesystem is exposed, backed up, or shared.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill explicitly states that agent memory, agent state, and project data are persistently written to a local data directory, but it provides no warning about retention, sensitivity, access controls, or safe handling of potentially confidential content. In an agent framework, those files may contain prompts, task history, internal notes, credentials, proprietary project details, or user data, so undocumented persistence materially increases the risk of unintended disclosure and privacy violations.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
Task output is persisted to disk verbatim, which can capture sensitive prompts, secrets, proprietary work product, or personal data produced during agent execution. In a persistent multi-session agent system, storing output by default increases confidentiality and retention risk, especially if other components or users can later read these files.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
Persisting error objects, including stack traces, can expose filesystem paths, internal implementation details, tokens accidentally embedded in exceptions, and other sensitive debugging context. Because this agent is designed for persistent memory across sessions, these details may remain accessible long after the triggering error and broaden the information disclosure risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal