Security audit

dr-memory-foundation

Security checks across malware telemetry and agentic risk

Overview

This skill transparently sets up local memory files for an agent and does not show hidden network access, credential use, deletion, or deceptive behavior.

Install this only if you want persistent workspace memory files. Review existing MEMORY.md and memory/ content before applying, run the helper only from the intended workspace or with a deliberate --workspace path, and avoid storing secrets or untrusted instructions in always_on.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill instructs the agent to create and modify files in the workspace and even provides a script that writes templates, but the skill metadata does not declare any permissions. Undeclared write capability is risky because it prevents users or a policy layer from accurately understanding and constraining the skill's ability to alter persistent state.

Session Persistence

Medium
Category: Rogue Agent
Content:
## Apply to this workspace
When the user asks to **apply** this skill (for example: `Apply dr-memory-foundation to this workspace`), do this:
1) Inspect the existing workspace memory files.
2) Create any missing template files from `references/templates/`.
3) Preserve existing notes; merge or relocate content rather than deleting it.
4) Normalize `MEMORY.md` into preferences + indexes only.
5) Ensure `memory/always_on.md` contains a tiny policy header + topic catalog.
Confidence: 79%
Finding: Create any missing template files from `references/templates/`. 3) Preserve existing notes; merge or relocate content rather than deleting it. 4) Normalize `MEMORY.md` into preferences + indexes only.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.