Three Tier Memory

Security checks across malware telemetry and agentic risk

Overview

This is a local memory-management skill that intentionally stores conversation memories, with privacy caveats but no evidence of hidden exfiltration or unsafe behavior.

Install this only if you want the agent to keep local memories across sessions. Set WORKSPACE_DIR deliberately, avoid storing passwords, secrets, or sensitive personal/business data, review or delete the memory directory periodically, and install chromadb only from a trusted source with pinned versions where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation advertises commands that initialize, store, and search persistent memory files, implying file read/write and likely environment access, yet it does not declare permissions or capabilities. This creates a transparency and consent problem: an agent or user may invoke the skill without understanding that it can persist conversation data locally and potentially access configuration from the environment.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is designed to retain user conversation content across short-, medium-, and long-term memory tiers, but the description does not warn about persistence, retention duration, or privacy implications. Users may provide sensitive personal or business data believing it is transient, when in fact it may be stored and reused later.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation states that automatic summarization uses a model and that long-term memory uses vectorization, but it does not warn that conversation data may be transmitted to an external LLM or embedding provider for summarization or indexing. This can expose confidential prompts, personal data, or proprietary information to third-party processing without informed consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The examples explicitly store preference data and personally identifying information such as a user's name in memory, but provide no warning, consent guidance, retention policy, or data-minimization advice. In a memory-management skill, this is especially risky because persistence is the core purpose, making accidental long-term storage of sensitive user data more likely.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The integration example passes raw user_message and user_query into a memory system that is explicitly designed for persistence and retrieval, yet the docs do not disclose storage behavior or advise on handling sensitive data. Because this skill manages short-, medium-, and long-term memory, undocumented persistence materially increases privacy and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.