大哥的记忆系统 (Big Brother's Memory System)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local memory-recovery skill whose main risk is intentional local retention of personal or work context, not hidden or malicious behavior.

Install only if you want local memory to persist across sessions and shape future agent behavior. Review the memory files periodically, keep secrets and highly private details out of them, and delete or edit entries that should not be reused later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill instructs automatic session-end saving of current session state into memory files, but it does not present any explicit user warning, consent step, retention boundary, or guidance to exclude secrets and sensitive data. This creates a real privacy and data-retention risk because ordinary conversation content may be persisted beyond the session and later exposed through retrieval, backups, or file access.

Natural-Language Policy Violations

Severity: Medium
Confidence: 90%
Finding: The script consistently frames the assistant in a fixed persona and injects identity-laden memory content at startup, which can steer downstream behavior without any user opt-in or contextual validation. In a memory-recovery skill, this is more dangerous than generic stylistic text because restored 'memory' may implicitly override user expectations, preferences, or system behavior across sessions.

Ssd 3

Severity: Medium
Confidence: 97%
Finding: The permanent-memory design explicitly stores identity, preferences, relationships, and other long-lived personal context in Markdown files. Persisting this kind of natural-language personal data without minimization, sensitivity controls, or access restrictions increases the risk of privacy leakage, unintended profiling, and later disclosure to other sessions, tools, or users with filesystem access.

Ssd 3

Severity: Medium
Confidence: 96%
Finding: Automatic session logging and state saving preserve conversation contents without any documented safeguard for secrets, personal data, or sensitive business information. Because the logging is described as automatic, users may not realize their inputs are being retained, making accidental collection and later leakage more likely.

Ssd 3

Severity: Medium
Confidence: 97%
Finding: Session-end hooks and per-session records create systematic ongoing retention of each session's contents in daily memory, but no limits, sanitization, or access protections are described. In context, this makes the skill more dangerous because it is designed specifically to preserve data across restarts, increasing the amount and longevity of potentially sensitive material stored on disk.

VirusTotal

66/66 vendors flagged this skill as clean.