Memphis Cognitive

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent documentation package for an AI memory tool, but its install instructions repeatedly ask users to run unverified remote shell scripts, including privileged setup commands.

Review the external Memphis installer before running it, prefer a pinned release or a manually inspected install over `curl | bash`, and avoid sudo-piped setup commands unless you trust the source. Treat Memphis memory as sensitive: decisions, journals, reflections, and synced blocks may include private project or business context, so use trade and share-sync only with trusted peers after checking exactly what will be exported.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 98%
Finding
The quickstart instructs users to execute a remote script directly via `curl ... | bash` with no integrity verification, pinning, review step, or warning about the risks. This allows compromise of the GitHub account, repository, branch contents, network path, or install script to immediately become arbitrary code execution on the user's machine.

Missing User Warnings

Medium
Confidence: 98%
Finding
The README recommends shell-piped installer commands that fetch remote content and execute it immediately, including one with sudo privileges, without any warning about verifying the script first. This is dangerous because a compromised upstream host, repository, or network path could lead users to execute attacker-controlled code as their local user or root.

Missing User Warnings

Medium
Confidence: 89%
Finding
The README advertises multi-agent sync and team sharing features but does not warn users that prompts, decisions, notes, or other memory artifacts may be transmitted or exposed to other systems or users. In a memory-oriented AI tool, this omission can lead to accidental disclosure of sensitive project, business, or personal data.

Missing User Warnings

Medium
Confidence: 97%
Finding
The documentation explicitly recommends executing a remote installer via `curl ... | bash` without any integrity verification, pinning, or warning. This is dangerous because a compromised upstream repository, MITM in a weakened trust environment, or malicious update to the script can immediately lead to arbitrary code execution on the user's machine.

Missing User Warnings

Medium
Confidence: 83%
Finding
The skill promotes trade and multi-agent sync workflows that move memory/journal data between systems, but it does not provide a prominent warning about data sensitivity, trust boundaries, or the risk of syncing confidential information to remote hosts. In a memory system that stores decisions, reflections, and journals, this omission can cause unintentional disclosure of sensitive internal data.

VirusTotal

66/66 vendors flagged this skill as clean.
