Intelligent Memory Trigger System (智能记忆触发系统)

Security checks across malware telemetry and agentic risk

Overview

This code-free memory skill is aligned with its workflow-documentation purpose, but it broadly records and reuses task history without clear consent, retention, deletion, or sensitive-data limits.

Install only if you want the agent to maintain persistent workflow memory. Require confirmation before saving or reusing workflow notes, avoid storing secrets or private operational details, review the saved workflow directory periodically, and disable cross-agent sharing or recurring reviews unless you explicitly need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence: 91%
Finding
The mandatory trigger list includes broad concepts such as repetition, explicit request keywords, and multi-step tasks that commonly occur in ordinary conversations. In a skill designed to auto-trigger proactive behavior, these loose conditions can cause unintended activation and unnecessary workflow creation, which may expose user task context or create noisy persistence of information.

Vague Triggers

Medium
Confidence: 87%
Finding
The recommended trigger conditions use subjective terms like potential reuse, team collaboration, and error risk without measurable thresholds. That ambiguity makes the skill unpredictable and prone to over-triggering, especially because it is intended to act proactively rather than only on direct user instruction.

Vague Triggers

Medium
Confidence: 89%
Finding
The task classification keywords are extremely generic words like create, edit, run, install, and integration, which appear in many harmless requests. Using such broad terms to drive repetition detection or workflow triggering can misclassify normal tasks and lead to unnecessary retention or documentation of user activities.

Vague Triggers

Medium
Confidence: 92%
Finding
Keywords like remember, save, summarize, process, later, and next time are common in ordinary dialogue and do not reliably indicate consent to store workflow documentation. In this skill, they can lead the agent to infer user intent incorrectly and trigger proactive recording behavior, increasing the chance of capturing sensitive operational details without sufficiently clear authorization.

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger phrases are broad enough to match ordinary conversational language, which can cause the agent to create or surface workflow memory when the user did not intend durable documentation behavior. In a memory-trigger system, this can lead to unintended retention, noisy automation, and possible capture of sensitive operational context from routine requests.

Vague Triggers

Low
Confidence: 82%
Finding
The repetition-based trigger is underspecified because it does not define what makes tasks "same or similar," leaving the system free to over-generalize across unrelated requests. That ambiguity can cause accidental workflow creation, inappropriate memory linking, and propagation of stale or incorrect procedures across tasks.

Ssd 3

Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to inspect task history, detect repeated tasks, analyze user intent, and create workflow documentation from prior activity. This establishes a natural-language retention mechanism for user behavior and operational context, which can accumulate sensitive data over time without clear minimization, consent, or retention limits.

Ssd 3

Medium
Confidence: 96%
Finding
The weekly and periodic review process requires ongoing retention and analysis of task history to find undocumented work, which increases the amount and duration of stored user activity. Continuous review of historical tasks raises privacy and security risk because the retained corpus may contain confidential operational details, especially when combined with proactive workflow generation.

VirusTotal

64/64 vendors flagged this skill as clean.