Persistent Agent Memory

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Coral Bricks remote memory skill, but anything stored or searched through it is sent to a third-party service and may persist across sessions.

Install it only if you are comfortable sending selected memory text, metadata, and search queries to Coral Bricks. Use a dedicated, revocable API key, avoid storing secrets or sensitive regulated data, and verify important deletions: the forget command matches semantically against a free-form query and does not preview what it will remove.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill is designed to send user-provided memories, preferences, and workflow context to a third-party remote API for persistent storage, but it does not provide a strong, explicit warning not to store secrets, credentials, regulated data, or other sensitive personal information. Because the feature encourages long-term retention across sessions, users may inadvertently exfiltrate sensitive data to an external service without informed consent or proper data-minimization safeguards.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
This script performs a destructive delete operation against persistent agent memory based solely on a free-form query, with no confirmation prompt, dry-run mode, or safeguard against overly broad matches. In the context of a persistence/memory skill, that increases the chance of accidental or automated data loss, especially because the endpoint deletes by query rather than explicit IDs.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The script sends the user-supplied query to a third-party service without any inline disclosure, confirmation, or data-sensitivity guard. In a persistent-memory skill, queries may contain prompts, secrets, internal project details, or prior session context, so silent transmission creates a real confidentiality risk even if it is part of the feature's intended behavior.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content
# Memory API — simpler "recall that" interface
QUERY_JSON=$(printf '%s' "$QUERY" | python3 "$HELPER")
RESP=$(curl -s -X POST "https://search-api.coralbricks.ai/api/v1/memories/search" \
  -H "Authorization: Bearer ${CORAL_API_KEY}" \
  -H "Content-Type: application/json" \
  -d "{\"query\": ${QUERY_JSON}, \"k\": ${K}}")
Confidence: 97%
Finding
curl -s -X POST "https://search-api.coralbricks.ai/api/v1/memories/search" -H "Authorization: Bearer ${CORAL_API_KEY}" -H "Content-Type: application/json" -d
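The three Missing User Warnings findings and the search call shown above all come down to guards the skill leaves to the user: nothing screens outbound text for secrets, nothing validates the unquoted ${K} that is spliced into the JSON body, and forget deletes by query with no preview. The script below is an added example, not the skill's own code, of a wrapper a user could put around those calls. The search URL and the Bearer header are the ones shown in the scan output; the forget endpoint path and its {"query": ...} body are hypothetical placeholders, the skill's JSON helper is replaced by an inline python3 json.dumps, and CORAL_API_KEY is assumed to be a dedicated, revocable key in the environment.

```shell
#!/bin/sh
# Added example, not the skill's own code: client-side guards around the
# Coral Bricks memory calls flagged in the findings.
# Assumptions (not confirmed by the page): CORAL_FORGET_URL and the forget
# request body are hypothetical; the skill's JSON helper is replaced by an
# inline python3 json.dumps; CORAL_API_KEY comes from the environment.
set -eu

CORAL_SEARCH_URL="https://search-api.coralbricks.ai/api/v1/memories/search"
CORAL_FORGET_URL="https://search-api.coralbricks.ai/api/v1/memories/forget"   # hypothetical

# Exit 0 if the text looks like a credential or a regulated identifier.
# The patterns are deliberately coarse: a false positive costs one rephrasing,
# a false negative ships a secret to a third party that retains it.
looks_sensitive() {
  printf '%s' "$1" | grep -Eq \
    -e 'AKIA[0-9A-Z]{16}' \
    -e 'ghp_[A-Za-z0-9]{36}' \
    -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' \
    -e 'Bearer [A-Za-z0-9._~+/=-]{20,}' \
    -e '[0-9]{3}-[0-9]{2}-[0-9]{4}' && return 0
  printf '%s' "$1" | grep -Eqi \
    -e '(api[_-]?key|password|passwd|secret|token)[[:space:]]*[:=]' && return 0
  return 1
}

# Always JSON-encode user text with a real encoder; never splice raw text
# into the request body string.
json_string() {
  python3 -c 'import json, sys; print(json.dumps(sys.stdin.read()))'
}

# The skill interpolates ${K} unquoted into its JSON body; accept only a small
# positive integer so the value cannot carry extra JSON keys.
valid_k() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 50 ]
}

# Build the search body the scan output shows, with both fields validated.
search_body() {
  valid_k "$2" || { echo "invalid k: $2" >&2; return 1; }
  printf '{"query": %s, "k": %s}' "$(printf '%s' "$1" | json_string)" "$2"
}

api_post() {  # $1 = url, $2 = JSON body
  curl -sS --fail -X POST "$1" \
    -H "Authorization: Bearer ${CORAL_API_KEY}" \
    -H "Content-Type: application/json" \
    -d "$2"
}

# Pre-flight every outbound text (queries leak just as memories do), then POST.
guarded_search() {
  if looks_sensitive "$1"; then
    echo "refusing to send: text matches a secret/regulated-data pattern" >&2
    return 2
  fi
  api_post "$CORAL_SEARCH_URL" "$(search_body "$1" "${2:-5}")"
}

# Preview-then-delete: the forget endpoint is semantic, so run the same query
# through search first and only delete when the caller passes --yes.
forget() {
  guarded_search "$1" 10 || return $?
  echo
  if [ "${2:-}" != "--yes" ]; then
    echo "dry run: the memories listed above would be removed; re-run with --yes to delete" >&2
    return 3
  fi
  api_post "$CORAL_FORGET_URL" "$(printf '{"query": %s}' "$(printf '%s' "$1" | json_string)")"
}

case "${1:-}" in
  search) guarded_search "$2" "${3:-5}" ;;
  forget) forget "$2" "${3:-}" ;;
esac
```

Usage: `CORAL_API_KEY=... ./memory_guard.sh search "what did I decide about the schema"` and `./memory_guard.sh forget "old schema notes"` (dry run), then the same with `--yes`. The guard is a pre-flight check, not a substitute for the warning the findings ask for: it catches the obvious key and credential shapes, and anything it misses still goes to the third party and persists there.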

Session Persistence

Severity: Medium
Category: Rogue Agent
Content
---
name: persistent-agent-memory
description: "Add persistent memory to any agent so it can remember prior work, maintain context across sessions, and continue long-running workflows."
metadata:
  {
    "openclaw":
Confidence: 89%
Finding
maintain context across sessions

VirusTotal

66/66 vendors flagged this skill as clean.
