Memory Boost

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate memory skill, but it automatically persists and reuses shared assistant memory with limited user control or privacy safeguards.

Install only if you are comfortable with assistants automatically reading and updating local memory files across sessions. Avoid storing secrets, credentials, regulated data, client-confidential material, or private personal details; inspect and prune the memory files regularly; and consider limiting use to a project-specific directory rather than shared home-level memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

Finding (Medium, 95% confidence):
This is a real security issue because the skill mandates automatic reads and writes to files in the user's home directory before and after normal interactions, without requiring a per-action user request. That broad behavioral policy expands the skill from a simple memory aid into an always-on file access mechanism, increasing privacy, unintended data modification, and prompt-injection-style persistence risks.

Description-Behavior Mismatch

Finding (Medium, 88% confidence):
The metadata describes the skill as a simple text-based memory system, but the body imposes mandatory autonomous behavior on the assistant to persist and retrieve information across sessions. That mismatch is security-relevant because users and platforms may approve or install the skill without understanding that it changes agent behavior and grants broad implicit file access expectations.

Missing User Warnings

Finding (Medium, 94% confidence):
The README instructs the AI to automatically read and write persistent memory files every session, but it provides no consent flow, retention limits, or guidance about excluding sensitive data. This creates a real privacy and data-governance risk because user information may be stored across sessions without clear boundaries or user awareness.

Missing User Warnings

Finding (Medium, 91% confidence):
The skill encourages automatic read/write memory behavior as a normal feature but does not clearly warn users that personal preferences, project details, and session notes may be persisted to disk. This creates a meaningful privacy risk because users may disclose sensitive information believing they are only chatting, while the skill silently turns that into durable shared records.

Missing User Warnings

Finding (Medium, 94% confidence):
Requiring every loaded assistant to read shared memory files before responding creates cross-assistant data exposure by design, yet the skill does not prominently warn that one assistant may inherit data written by another. In practice this can leak sensitive project history, preferences, or notes to tools, models, or sessions that the user did not intend to share that information with.

Missing User Warnings

Finding (Medium, 81% confidence):
The installer modifies the workspace by creating multiple files and directories immediately on execution, without prompting the user or offering a dry-run/consent step. In an agent-skill context this is riskier, because users may run install scripts expecting limited setup while the script silently persists content into shared workspace state that later agents or tools may trust or consume.

Ssd 3

Finding (Medium, 96% confidence):
The skill encourages persistent recording of context, preferences, and decisions across sessions without any data-minimization policy or sensitivity screening. In practice, this can cause over-collection of personal or confidential information and make that data available in later sessions beyond the original purpose.

Ssd 3

Finding (Medium, 98% confidence):
The 'Remember This' workflow tells the AI to write user-provided content immediately, with no validation or warning about sensitive information. That is dangerous because users may ask to remember passwords, API keys, personal identifiers, or confidential business data, which would then be persisted to disk and potentially reused or exposed later.

Ssd 3

Finding (Medium, 93% confidence):
The shared-memory guidance expands access to persisted data across multiple assistants, increasing the chance of unintended disclosure, inconsistent handling, or cross-agent leakage. Even if the feature is collaborative in intent, sharing a single memory file widens the trust boundary without any access controls or data-segregation guidance.

Ssd 3

Finding (Medium, 96% confidence):
These mandatory instructions create systematic retention and reuse of user-provided information, including preferences, project history, and decisions, which is a genuine data persistence and leakage risk. Because the behavior is framed as mandatory and routine, the assistant may store sensitive information without meaningful review, propagating it into future sessions or to other assistants that access the same files.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal