Elite Longterm Memory Backup

Security checks across malware telemetry and agentic risk

Overview

This is a real memory tool, but it encourages quiet persistent capture of conversation details and recommends external memory services without enough privacy guidance.

Install only if you intentionally want durable agent memory. Treat stored memories as sensitive data, avoid secrets or regulated information, review and prune memory files regularly, and enable Mem0 or SuperMemory only after deciding what conversation content may leave your local environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The skill is marketed as a 'bulletproof' long-term memory system with WAL, vector search, git-notes, cloud backup, and broad integrations, but the file only provides documentation and command snippets rather than implementing those guarantees. This overclaim can mislead users into trusting durability, privacy, and retention behavior that does not actually exist, causing unsafe operational assumptions and potential data-handling mistakes.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The Mem0 guidance recommends sending conversation content to a third-party service for automatic fact extraction, which expands data use beyond simple local memory retention. Because the examples operate on conversation messages and emphasize automatic extraction, users may expose sensitive prompts, secrets, or personal data to an external processor without adequate minimization or consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README promotes Mem0 auto-extraction and optional cloud sync as recommended features but does not warn that conversation content may be transmitted to third-party services and could include sensitive prompts, code, secrets, or personal data. In an AI memory skill, this omission is especially risky because users may enable persistent memory expecting local-only storage while the tool encourages broad conversation capture and cross-device syncing.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The instruction to store decisions 'SILENTLY' directs hidden persistence of user-derived context without disclosure. Silent retention undermines user expectations and informed consent, especially when decisions may include sensitive business, personal, or security-relevant details.

Missing User Warnings

High
Confidence
98% confidence
Finding
Automatic fact extraction from conversations, especially via a third-party API, creates a substantial privacy risk when users are not clearly warned that their messages may be persistently captured and transmitted. The language emphasizes convenience and token savings but does not foreground the sensitivity of the data flow.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The agent instructions require writing user details to persistent memory before responding, but they omit any requirement to notify the user that capture is occurring. This can lead to unnoticed storage of preferences, deadlines, corrections, and other contextual details that users may assume are ephemeral.

Ssd 3

Medium
Confidence
94% confidence
Finding
The skill encourages broad persistence of conversation-derived data across local files, vector stores, git-notes, and optional cloud services. This architecture materially increases the chance of sensitive information being retained longer than intended or leaked through synchronization, retrieval, or third-party processing.

Ssd 3

Medium
Confidence
95% confidence
Finding
The WAL protocol and workflow examples semantically instruct the agent to capture concrete user details before every response, normalizing indiscriminate persistence of conversational data. In practice this can sweep up sensitive preferences, corrections, deadlines, and project details into durable stores without contextual risk checks.

Session Persistence

Medium
Category
Rogue Agent
Content
````markdown
- [ ] ...
```

**Rule:** Write BEFORE responding. Triggered by user input, not agent memory.

### Layer 2: WARM STORE (LanceDB Vectors)
**From: lancedb-memory**
````
Confidence
87% confidence
Finding
Write BEFORE responding. Triggered by user input, not agent memory. ### Layer 2: WARM STORE (LanceDB Vectors) **From: lancedb-memory** Semantic search across all memories. Auto-recall injects releva

Session Persistence

Medium
Category
Rogue Agent
Content
User: "Let's use Tailwind for this project, not vanilla CSS"

Agent (internal):
1. Write to SESSION-STATE.md: "Decision: Use Tailwind, not vanilla CSS"
2. Store in Git-Notes: decision about CSS framework
3. memory_store: "User prefers Tailwind over vanilla CSS" importance=0.9
4. THEN respond: "Got it — Tailwind it is..."
Confidence
92% confidence
Finding
Write to SESSION-STATE.md: "Decision: Use Tailwind, not vanilla CSS" 2. Store in Git-Notes: decision about CSS framework 3. memory_store: "User prefers Tailwind over vanilla CSS" importance=0.9 4. THE

VirusTotal

66/66 vendors flagged this skill as clean.
