Inner Life Core

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about creating persistent agent memory, but it also lets that memory steer future autonomous actions with incomplete permission scoping.

Install only if you intentionally want an agent that keeps persistent local memory and lets that memory shape future behavior. Before using it with powerful tools such as shell, browser, git, publishing, accounts, or automation, review BRAIN.md, require explicit approval for risky actions and unsolicited outreach, and keep generated memory/task files out of version control or backups unless you want them retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%

Finding
The setup section documents creation of files such as SELF.md, memory/questions.md, and tasks/QUEUE.md, but these artifacts are not declared in the manifest's reads/writes. In an agent skill system, undeclared file operations undermine permission transparency and can lead operators or enforcement tooling to grant a skill broader effective access than intended, especially because these files can influence agent behavior and task execution.

Intent-Code Divergence

Severity: Low
Confidence: 84%

Finding
The context protocol claims selective reading, but the documented scope references broader sources such as diary, dreams, questions, and system docs that are not reflected in the declared reads. This mismatch weakens least-privilege guarantees and can normalize access to sensitive memory or system files outside the manifest, which is particularly relevant for a persistence-oriented skill designed to shape future agent behavior.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding
The protocol explicitly instructs the agent to write to multiple persistent files such as memory logs, queue files, and state files without requiring user disclosure, consent, or clear scoping. This creates a real privacy and integrity risk because the agent can silently retain sensitive information and alter task state across sessions in ways the user may not expect.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding
The Context Protocol directs the agent to read relationship, diary, dreams, habits, and other personal memory files as standard operating procedure, but provides no privacy guardrails or data-minimization requirement. This is a genuine vulnerability because it normalizes broad access to sensitive personal context regardless of whether each task actually requires it.

VirusTotal

64/64 vendors flagged this skill as clean.