CogniMemo Memory

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed third-party memory-service skill; it is privacy-sensitive but its sensitive behavior matches its stated purpose.

Install only if you want CogniMemo or its configured backends to retain and reuse AI interaction history. Treat stored memories as sensitive data, protect API keys, verify the SDK packages and provider terms, avoid storing secrets or regulated data unless approved, and confirm permission, deletion, and revocation controls before enabling automatic capture.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity
Medium
Category
MCP Least Privilege
Confidence
91%
Finding
The skill documents use of environment variables and outbound network/API access, but no explicit permissions are declared. In an agent environment, this weakens transparency and consent boundaries because a user or platform may not realize the skill can read secrets and transmit data externally. Given this is a memory skill that handles persistent user data, undeclared capabilities are more sensitive than in a purely local utility.

Vague Triggers

Severity
Medium
Confidence
81%
Finding
The trigger phrases are broad and generic, including terms like "persistent memory" and "ai memory," which can cause the skill to activate in unrelated conversations. Unintended invocation is risky here because the skill is designed to store and retrieve user history, potentially causing accidental collection or disclosure of sensitive context.

Missing User Warnings

Severity
Medium
Confidence
90%
Finding
The markdown promotes persistent storage of chats, documents, tasks, decisions, and user actions without an upfront, prominent privacy warning or clear data-handling disclosure. In a memory skill, this is dangerous because users may unknowingly enable long-term retention and cross-application sharing of sensitive personal or organizational information.

Missing User Warnings

Severity
Medium
Confidence
95%
Finding
The store method prints memory contents directly to stdout, which can expose sensitive user data such as preferences, decisions, tasks, or facts in logs, terminals, and observability pipelines. In a memory skill, stored content is especially likely to contain personal or confidential information, so console disclosure increases confidentiality risk.

VirusTotal

63/63 vendors flagged this skill as clean.