Memory Lancedb Pro Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent memory-plugin setup guide, but it asks agents to handle raw API keys in chat and recommends running an unpinned remote installer.

Review before installing. Prefer setting API keys as environment variables or through a secret manager; do not paste long-lived keys into chat; ask for a config diff before any write or gateway restart; and avoid running the remote installer unless you have pinned and reviewed the script source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The skill explicitly instructs the agent to ask users to paste raw API keys into chat and treats that as part of the normal setup flow. This creates an unnecessary secret-exposure channel in natural-language logs, transcripts, agent memory, and downstream tooling, especially because the skill also encourages reusing those keys in later verification and config steps.

Context-Inappropriate Capability

High
Confidence: 96%
Finding
The skill recommends downloading and executing a remote shell installer script directly from the internet. That pattern delegates trust to mutable external content and enables arbitrary code execution if the upstream repository, transport, or referenced script is compromised.

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger list includes generic phrases and common technical terms such as "memory_store," "Smart Extraction," and especially broad wording like "help me enable the best config," which could activate the skill in unrelated contexts. In an agent environment, unintended activation can inject extensive operational guidance into context, causing confusion, misapplied actions, or increased attack surface for prompt-routing abuse.

Missing User Warnings

Medium
Confidence: 98%
Finding
Collecting pasted API keys directly from the user without a strong privacy warning or safer alternative normalizes unsafe secret handling. In an agent environment, this is especially risky because chats may be stored, summarized, recalled, or exposed to operators and plugins.

Missing User Warnings

Medium
Confidence: 94%
Finding
The curl-to-shell workflow is presented as beginner-friendly without a prominent warning about reviewing untrusted code first. Even if intended as convenience, it conditions agents and users to execute remote scripts sight unseen, which is a common compromise vector.

Ssd 3

High
Confidence: 99%
Finding
The workflow tells the agent to collect API keys in plain chat and then use them in subsequent steps, which turns the model interaction itself into a secret-handling surface. Given this is a memory plugin skill, the context makes it more dangerous because captured secrets may be stored or auto-recalled later.

Ssd 3

High
Confidence: 99%
Finding
The skill instructs agents to substitute actual API keys inline and even asks for temporary pasting for verification. This semantically encourages plaintext disclosure, repetition, and possible persistence of secrets across configs, logs, shell history, and agent outputs.

Ssd 3

Medium
Confidence: 95%
Finding
Although many examples use environment-variable placeholders, the surrounding guidance instructs use of actual provided keys inline, encouraging plaintext retention in config and transcripts. This is a genuine secret-handling weakness even if the examples themselves are partially sanitized.

VirusTotal

VirusTotal findings are pending for this skill version.